Page 1 of 1

PBKDF1 Algorithm in PHP

Posted: Tue Aug 17, 2010 6:04 pm
by Celcius
I am looking to write the PBKDF1 Algorithm in PHP.
I believe this algorithm is similar to this class instance in C#:

Code: Select all

PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations);
Here is an explanation of the PBKDF1 Algorithm from here - http://www.faqs.org/rfcs/rfc2898.html
[text]
5.1 PBKDF1

PBKDF1 applies a hash function, which shall be MD2 [6], MD5 [19] or
SHA-1 [18], to derive keys. The length of the derived key is bounded
by the length of the hash function output, which is 16 octets for MD2
and MD5 and 20 octets for SHA-1. PBKDF1 is compatible with the key
derivation process in PKCS #5 v1.5.

PBKDF1 is recommended only for compatibility with existing
applications since the keys it produces may not be large enough for
some applications.

PBKDF1 (P, S, c, dkLen)

Options: Hash underlying hash function

Input: P password, an octet string
S salt, an eight-octet string
c iteration count, a positive integer
dkLen intended length in octets of derived key,
a positive integer, at most 16 for MD2 or
MD5 and 20 for SHA-1

Output: DK derived key, a dkLen-octet string

Steps:

1. If dkLen > 16 for MD2 and MD5, or dkLen > 20 for SHA-1, output
"derived key too long" and stop.

2. Apply the underlying hash function Hash for c iterations to the
concatenation of the password P and the salt S, then extract
the first dkLen octets to produce a derived key DK:

T_1 = Hash (P || S) ,
T_2 = Hash (T_1) ,
...
T_c = Hash (T_{c-1}) ,
DK = Tc<0..dkLen-1>

3. Output the derived key DK.
[/text]

And here is my attempt at the function, which I don't think is producing the proper results (using SHA1).

Code: Select all

$HashPassPhrase = "passparse";
$Hashsalt = "saltvalue";
$Iterations = 100;
$devkeylength = 32;

$devkey = PBKDF1($HashPassPhrase,$Hashsalt,$Iterations,$devkeylength);

	function PBKDF1($pass,$salt,$count,$dklen)
	{
		$t = sha1($pass.$salt);
		for($i=1; $i < $count; $i++)
		{
			$t = sha1($t);
		}
		$t = substr($t,0,$dklen-1);
		return $t;
	}

Re: PBKDF1 Algorithm in PHP

Posted: Wed Aug 18, 2010 3:06 am
by Weirdan
Most likely you need to pass 'true' as a second parameter to sha1(). Otherwise you're applying successive hashing on the hex-encoded hash representation, not the hash itself.