PHP: openssl_pbkdf2 - Manual
(PHP 5 >= 5.5.0, PHP 7, PHP 8)
openssl_pbkdf2 — Generates a PKCS5 v2 PBKDF2 string
Description
Parameters
password-
Password from which the derived key is generated.
salt- PBKDF2 recommends a cryptographic salt of at least 128 bits (16 bytes).
key_length-
Length of desired output key.
iterations-
The number of iterations desired. » NIST recommends at least 1,000. As of 2023, OWASP recommends 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512.
digest_algo-
Optional hash or digest algorithm from openssl_get_md_methods(). Defaults to SHA-1. It is recommended to set it to SHA-256 or SHA-512.
Return Values
Returns raw binary string or false on failure.
Examples
Example #1 openssl_pbkdf2() example
<?php
$password = 'password';
$salt = openssl_random_pseudo_bytes(16);
$keyLength = 20;
$iterations = 600000;
$generated_key = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
echo bin2hex($generated_key)."\n";
echo base64_encode($generated_key)."\n";
?>See Also
- hash_pbkdf2() - Generate a PBKDF2 key derivation of a supplied password
- openssl_get_md_methods() - Gets available digest methods
Found A Problem?
12 years ago
Despite the manual claiming that this is available in PHP 5.5 and above, this function wasn't made available in my local install.
I expect that having a prehistoric OpenSSL library version installed is the likely culprit.
If you're using PHP 5.5 and don't have this function available in your OpenSSL extension, look at the functionally equivalent hash_pbkdf2 function instead.