function PhpassHashedPasswordBase::generateSalt

Generates a random base 64-encoded salt prefixed with hash settings.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.

Return value

string A 12 character string containing the iteration count and a random salt.

Deprecated

in drupal:10.3.0 and is removed from drupal:11.0.0. No replacement.

See also

https://www.drupal.org/node/3443277

1 call to PhpassHashedPasswordBase::generateSalt()
PhpassHashedPasswordBase::hash in core/lib/Drupal/Core/Password/PhpassHashedPasswordBase.php

File

core/lib/Drupal/Core/Password/PhpassHashedPasswordBase.php, line 139

Class

PhpassHashedPasswordBase
Legacy password hashing framework.

Namespace

Drupal\Core\Password

Code

protected function generateSalt() {
    @trigger_error(__METHOD__ . '() is deprecated in drupal:10.3.0 and is removed from drupal:11.0.0. No replacement. See https://www.drupal.org/node/3443277', E_USER_DEPRECATED);
    $output = '$S$';
    // We encode the final log2 iteration count in base 64.
    $output .= static::$ITOA64[$this->countLog2];
    // 6 bytes is the standard salt for a portable phpass hash.
    $output .= $this->base64Encode(random_bytes(6), 6);
    return $output;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.