mhash_keygen_s2k — Generates a salted key based on the specified hash algorithm.
string mhash_keygen_s2k(hash, password, salt, bytes);
const hash: mhash constant representing a specific hash algorithm
string password: User password
string salt: Random data
int bytes: Key length
Salted key value as a string; FALSE on error
mhash_keygen_s2k() generates a key of bytes length from a user-given password , using the hash hash . This produces the “Salted S2K” data element described in RFC 2440. This function can be used to compute checksums, message digests, and other signatures.
The salt is a random piece of data used to generate the key. To check the key, you must also know the salt , so it’s a good idea to append the salt to the key for checking. As long as password is not sent as well, your hash is still secure. In addition, salt has a fixed length of 8 bytes and will be padded with zeros if you supply fewer bytes.
// This is a bad salt!
$salt = “asdf1234″;
$password = “pass”;
$hash = mhash_keygen_s2k(MHASH_MD5, $password, $salt, 16);
$key = bin2hex($hash);