Skip to end of metadata
Go to start of metadata

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Filter_Hash Component Proposal

Proposed Component Name Zend_Filter_Hash
Developer Notes
Proposers Justin Hendrickson
Zend Liaison TBD
Revision 1.0 - 26 August 2009: Initial Draft. (wiki revision: 28)

Table of Contents

1. Overview

Zend_Filter_Hash is an adapter driven filter class for hashing strings.

2. References

3. Component Requirements, Constraints, and Acceptance Criteria

  • This component will provide support for hashing strings.
  • This component will provide multiple adapters.

4. Dependencies on Other Framework Components

  • Zend_Filter_Interface
  • Zend_Filter_Exception

5. Theory of Operation

Zend_Filter_Hash will give a Zend_Filter interface to various hash extensions. Additionally, the crypt adapter will provide facilities for salting strings and comparing crypt'ed strings.

6. Milestones / Tasks

  • Milestone 1: Design notes will be published here. [DONE]
  • Milestone 2: Pulished working prototype.
  • Milestone 2: Working prototype checked into the incubator supporting use cases.
  • Milestone 3: Unit tests exist, work, and are checked into SVN.
  • Milestone 4: Initial documentation exists.

7. Class Index

  • Zend_Filter_Hash
  • Zend_Filter_Hash_Exception
  • Zend_Filter_Hash_Adapter_Interface
  • Zend_Filter_Hash_Adapter_Php
  • Zend_Filter_Hash_Adapter_Hash
  • Zend_Filter_Hash_Adapter_Crypt
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Interface
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Abstract
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Bcrypt
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_ExtendedDes
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Md5
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_StandardDes
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Sha256
  • Zend_Filter_Hash_Adapter_Crypt_SaltGenerator_Sha512

8. Use Cases


Crypt a password using the system default algorithm.


Crypt a password using Bcrypt with a cost of 10 (direct loading of the salt generator).


Crypt a password using Bcrypt with a cost of 10 (lazy loading of the salt generator).


Hash a string with the hash extensions sha512 algorithm.


Hash a string with the php md5 algorithm.

9. Class Skeletons



proposal proposal Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
  1. Aug 27, 2009

    <p>There is an existing Zend_Filter_Encrypt which has actual adapters for MCrypt and OpenSSL.</p>

    <p>In my eyes it seems to be better to make an adapter for it instead of creating a new component which does also encryption and throws an exception on decryption for this adapter (f.e. Not supported, use MCrypt).</p>

    <p>Or as alternative you could create a Zend_Filter_Hash which provides ONLY encryption/hashing but no decryption. But also this component should/must use adapters as there are several libraries which could be used, and it does not make sense to provide one filter for each library when the usage is always the same.</p>

    1. Aug 27, 2009

      <p>I was debating exactly how this filter would fit considering Zend_Filter_Encrypt and decided to make it separate because it doesn't provide a decrypt mechanism. I like the idea of Zend_Filter_Hash w/adapters since Encrypt implies 2-way. I'll make the changes when I have a some time this afternoon.</p>

      1. Aug 27, 2009

        <p>Just because it does not provide decrypt(), does not mean that it would not fit.</p>

        <p>Within Zend_Filter_Compress we have also a Rar adapter which provides only decompression but no compression.</p>

        <p>As PHP's crypt method uses encryption methods and not hashing it would fit better into Zend_Filter_Encrypt in my opinion. Blowfish for example, or DES are no hashing algorithms. And when someone uses Bcrypt and needs decryption it would be 100% ok to throw an exception with the note "decryption only supported when Mcrypt is used".</p>

      2. Aug 27, 2009

        <p>Btw: I did not know Bcrypt nor was I said to integrate it.<br />
        Otherwise I would have added it when I made Zend_Filter_Encrypt. <ac:emoticon ac:name="wink" /></p>

        <p>When you think it fits, I can help you to get it ready. I don't think that we need a full proposal for only a new adapter. I could clearify this with the dev-team when you are interested.</p>

  2. Aug 28, 2009

    <p>Don't forget CRC32. It can also be used on Strings, not only on files. <ac:emoticon ac:name="wink" /></p>

    <p>And you need to outline the base adapter class. This does not mean that you have to finish coding. Just show the methods and their parameters. <ac:emoticon ac:name="smile" /></p>

  3. Aug 28, 2009

    <p>After some review of the PHP hash extension and the crypt method, I feel like it'd make sense to create two separate filters: Zend_Filter_Hash and Zend_Filter_Crypt. How would you feel about splitting things up that way?</p>

    1. Aug 28, 2009

      <p>-1 for this...</p>

      <p>What's the different from a user's point of view between Zend_Filter_Crypt and Zend_Filter_Encrypt. None... both (en)erypt data. That's why I initially said that crypt would fit perfect into Zend_Filter_Encrypt.</p>

      <p>My opinion is eighter adapter for crypt into Zend_Filter_Encrypt (would fit perfect).<br />
      Or make a independent Zend_Filter_Hash (which I would do if you don't want to).</p>

      1. Aug 28, 2009

        <p>The problem is that crypt() is for generating and comparing salted and hashed password, not encryption.</p>

        <p>If the only concern is that Crypt, by name alone, implies encryption and would cause confusion with Zend_Filter_Encrypt, then I'm sure I/you/someone could come up with a better name.</p>

        1. Aug 28, 2009

          <p>But as you said, crypt() generates hashed strings.<br />
          So why not use it as one adapter for Zend_Filter_Hash as I said first?</p>

          <p>My concern is that we should not make several filters which do the same. One thing is encryption and the other is hashing. And according to your reply crypt() is definetly creating a hash.</p>