lithium\security\Password::_generateSaltBf()
Generates a Blowfish salt for use in lithium\security\Password::hash()
. Note: Does not
use the 'encode'
option of Random::generate()
because it could result in 2 bits less of
entropy depending on the last character.
Parameters
-
integer
$count
The base-2 logarithm of the iteration count. Defaults to
10
. Can be4
to31
.
Returns
stringThe Blowfish salt.
Source
protected static function _generateSaltBf($count = null) {
$count = (integer) $count;
$count = ($count < 4 || $count > 31) ? static::BF : $count;
$base64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$i = 0;
$input = Random::generate(16);
$output = '';
do {
$c1 = ord($input[$i++]);
$output .= $base64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $base64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $base64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $base64[$c1];
$output .= $base64[$c2 & 0x3f];
} while (1);
$result = '$2a$';
$result .= chr(ord('0') + $count / static::BF);
$result .= chr(ord('0') + $count % static::BF);
$result .= '$' . $output;
return $result;
}