Module: CryptCheckpass::PHCStringFormat

Included in:
PBKDF2, Scrypt
Defined in:
lib/crypt_checkpass/phc_string_format.rb

Overview

Note:

Argon2, which is the winner of PHC, ignores this format and goes wild. It is highly doubtful that any other hash authors would switch to PHC's recommendation.

Helper module to handle PHC String Format-compatible strings.

Format

This is how we understand the PHC String Format:

%r{
  (?<name>    [a-z0-9-]{,32}              ){0}
  (?<decimal> 0|-?[1-9][0-9]*             ){0}
  (?<b64>     [a-zA-Z0-9/+.-]*            ){0}

  (?<id>      \g<name>                    ){0}
  (?<param>   \g<name>                    ){0}
  (?<value>   \g<decimal> | \g<b64>       ){0}
  (?<salt>    \g<b64>                     ){0}
  (?<csum>    \g<b64>                     ){0}
  (?<pair>    \g<param> = \g<value>       ){0}
  (?<pairs>   \g<pair> (?:[,] \g<pair> )* ){0}

  \A [$] \g<id>
     [$] \g<pairs>
     [$] \g<salt>
     [$] \g<csum>
  \z
}x
  • id is the name of the algorithm.

  • pairs is a set of key-value pairs that are parameters to the algorithm. Keys should be human-readable, while values need not be.

  • salt and csum are the salt and checksum strings. Both are encoded in what the spec calls the "B64" encoding, which is a very slightly modified version of RFC4648 (no trailing ==... padding). Both can be of arbitrary length.
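
The grammar above applied to a constructed string, as an added example that is not crypt_checkpass's own code. The names PHC_GRAMMAR, DECIMAL, b64_decode, parse_phc and SAMPLE are assumptions made for illustration, and decoding assumes the salt and checksum use only the RFC4648 alphabet.

```ruby
# Added example: the grammar is copied from the page; all other names are hypothetical.
PHC_GRAMMAR = %r{
  (?<name>    [a-z0-9-]{,32}              ){0}
  (?<decimal> 0|-?[1-9][0-9]*             ){0}
  (?<b64>     [a-zA-Z0-9/+.-]*            ){0}

  (?<id>      \g<name>                    ){0}
  (?<param>   \g<name>                    ){0}
  (?<value>   \g<decimal> | \g<b64>       ){0}
  (?<salt>    \g<b64>                     ){0}
  (?<csum>    \g<b64>                     ){0}
  (?<pair>    \g<param> = \g<value>       ){0}
  (?<pairs>   \g<pair> (?:[,] \g<pair> )* ){0}

  \A [$] \g<id>
     [$] \g<pairs>
     [$] \g<salt>
     [$] \g<csum>
  \z
}x

# A value that is entirely a decimal literal is returned as an Integer.
DECIMAL = /\A(?:0|-?[1-9][0-9]*)\z/

# Decode unpadded "B64": restore the "=" padding, then decode strictly.
# Raises ArgumentError for characters outside the RFC4648 alphabet.
def b64_decode(str)
  (str + '=' * (-str.size % 4)).unpack1('m0')
end

# Returns nil when the string does not match the grammar at all.
def parse_phc(str)
  md = PHC_GRAMMAR.match(str) or return nil
  params = md[:pairs].split(',').to_h do |pair|
    key, value = pair.split('=', 2)
    [key.to_sym, DECIMAL.match?(value) ? Integer(value, 10) : value]
  end
  { id: md[:id], params: params,
    salt: b64_decode(md[:salt]), csum: b64_decode(md[:csum]) }
end

# Constructed sample: the salt and checksum encode the bytes "salt" and "hash".
SAMPLE = '$pbkdf2-sha256$i=1000,l=32$c2FsdA$aGFzaA'
```

Because the grammar requires all four `$`-separated fields, a string that omits the parameter section is rejected rather than parsed with shifted fields.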