lithium\security\Password::_generateSaltBf()

protected static method

Generates a Blowfish salt for use in lithium\security\Password::hash(). Note: Does not use the 'encode' option of Random::generate() because it could result in 2 bits less of entropy depending on the last character.

Parameters

  • integer $count

    The base-2 logarithm of the iteration count. Defaults to 10. Can be 4 to 31.

Returns

string

The Blowfish salt.

Source

	protected static function _generateSaltBf($count = null) {
		$count = (integer) $count;
		$count = ($count < 4 || $count > 31) ? static::BF : $count;

		$base64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
		$i = 0;

		$input = Random::generate(16);
		$output = '';

		do {
			$c1 = ord($input[$i++]);
			$output .= $base64[$c1 >> 2];
			$c1 = ($c1 & 0x03) << 4;
			if ($i >= 16) {
				$output .= $base64[$c1];
				break;
			}

			$c2 = ord($input[$i++]);
			$c1 |= $c2 >> 4;
			$output .= $base64[$c1];
			$c1 = ($c2 & 0x0f) << 2;

			$c2 = ord($input[$i++]);
			$c1 |= $c2 >> 6;
			$output .= $base64[$c1];
			$output .= $base64[$c2 & 0x3f];
		} while (1);

		$result = '$2a$';
		$result .= chr(ord('0') + $count / static::BF);
		$result .= chr(ord('0') + $count % static::BF);
		$result .= '$' . $output;

		return $result;
	}