About
PHL, the PHP Hash Library, is an object oriented set of classes designed to encapsulate enumeration of the hashes in a given build of mhash. It loads information that has been aggregated into an XML file and tests the hash speed of the algorithms. Currently most algorithms in mhash distributions are ranked and rated in accordance with the known information. Even when a hash is unknown the script makes its best attempt to extract what it can.
Currently, there is detailed information within the XML datafile on 38 different hashes.
Purpose
To abstract information about hashing algorithms present on a server, to rank by approximated fitness, and to allow the end-user (webmaster) to select which hash they desire for security. Serves to permit selection of secure, fast, hashes and dynamically set the character length of the database password, session, and any other hashed fields.
To allow easy, simplistic access to this data from installation scripts.
Preview »
License
The Mozilla Public License. Remember to credit me visibly and overtly within your documentation.
My only request is that: if you make money by using this script in your software please consider sending me a small chunk. No obligation, just a request. Feel free to PM me about it, if you so desire.
Includes- Base PHL script
- Demonstration/test script
- Sample function for fitness color coding
- README <-- it isn't there to be ignored!
- Documentation, generated by phpDocumentor
Credits- Salathe, for the regex pattern that works. (Location documented in source.)
Changelog
Code:
Changelog:
DONE (*)
CONSIDERING (?)
IN-PROGRESS (%)
SCRAPPED (-)
Version 1.0.2
* MANY tweaks to relatavisticStrength() in the test script.
* Full overhaul of the calculateFitness() method, yields better results.
* Test script now shows fatally flawed hashes visibly.
* XML file strength ratings rounded down to plain integers.
Version 1.0.1
* Switched dummy generation to inside getInstance() so unless you
use the phlHashList class there won't be any file generation.
* Classes renamed to 'phl' prefix, HashLib object now 'phl'.
- Throughput is now tested on a 512kb file once for speed comparison, PHP
may have slight performance trouble in hashing with MD2. Hashes are
done once, not three times, and no average or standard deviation are
generated.
? Perhaps I should implement a blacklist to ban the slowest hashes,
like MD2. Could extend to ones such as Adler and CRC.
% Documentation with phpDocumentor is relatively complete.
? Maybe make a custom template, the one I've got has bugs that drive
me up the wall. Like a front page with no version info, no author
list, or even copyright notice. Not good.
% Deprecation cleanup.
? Still considering the possibility of a cUrl update method, not likely
without request.
Version 1.0 -- the "PHP Hash Library"
* Full rewrite from scratch
* 100% object oriented
* Less procedural generation
? Not sure how to remove the dummy file generation
without loosing efficiency; may use DEFINE instead.
* Processing times averaged over three tests
* Standard deviation is calculated and used to weigh
the algorithm's general fitness.
* All data, save speed (dynamic calculation on end server)
stored in an XML file.
? Support cURL updating of XML database as algorithms
are reported.
* Full object oriented sorting of items supported
* Singleton-Factory design style
% Documentation
Version 0.2
* Rewrite to export significant data to XML
Version 0.1 -- Codename "Uber-Hash"
* Basic features
* Javascript sort
* 100% procedural
Join the friendly bunch on IRC...
the PHP Hash Library (PHL)
Linear Mode
