wp_fast_hash()
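Yunce Docs Annotation
Overview
wp_fast_hash() is a function introduced in WordPress 6.8.0 that generates a cryptographically secure hash of a message using a fast generic hash algorithm. It is mainly used internally to handle high-entropy security keys and application passwords, and is not suitable for user-generated passwords or other low-entropy input.
Key points
- Purpose: generates a cryptographically secure hash based on Sodium's BLAKE2b algorithm, suitable for high-entropy input (such as security keys).
- Caveats: input must come from a high-entropy random generator (more than 128 bits recommended); no salting is performed; it must not be used for user passwords (use wp_hash_password()) or for low-entropy input (use wp_hash()).
- Related functions: use wp_verify_fast_hash() to verify the hash; used internally by classes such as WP_Application_Passwords.
- Parameters: $message (string, required) is the message to hash.
- Return value: returns the hash as a string, in a format that begins with '$generic$'.
Code example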
    function wp_fast_hash(
        #[SensitiveParameter]
        string $message
    ): string {
        $hashed = sodium_crypto_generichash( $message, 'wp_fast_hash_6.8+', 30 );
        return '$generic$' . sodium_bin2base64( $hashed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING );
    }
Original content
Returns a cryptographically secure hash of a message using a fast generic hash function.
Description
Use the wp_verify_fast_hash() function to verify the hash.
This function does not salt the value prior to being hashed, therefore input to this function must originate from a random generator with sufficiently high entropy, preferably greater than 128 bits. This function is used internally in WordPress to hash security keys and application passwords which are generated with high entropy.
Important:
- This function must not be used for hashing user-generated passwords. Use wp_hash_password() for that.
- This function must not be used for hashing other low-entropy input. Use wp_hash() for that.
The BLAKE2b algorithm is used by Sodium to hash the message.
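The entropy requirement above, shown as an added example that is not part of WordPress core or of the original page: a token is generated from the CSPRNG, only its fast hash is stored, and verification goes through wp_verify_fast_hash(). It assumes WordPress 6.8+ is loaded; the meta key and the two example_* function names are hypothetical.

```php
<?php
// Added example; assumes it runs inside WordPress 6.8+.
// The meta key and both function names below are hypothetical.
const EXAMPLE_TOKEN_META = '_example_api_token_hash';

/**
 * Issue a token for a user. The plaintext is returned once to the caller;
 * only the unsalted fast hash is persisted.
 */
function example_issue_token( int $user_id ): string {
	// 32 bytes from the CSPRNG = 256 bits of entropy, above the 128-bit
	// guidance. This is what makes an unsalted, fast hash acceptable here.
	$token = sodium_bin2base64(
		random_bytes( 32 ),
		SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING
	);

	update_user_meta( $user_id, EXAMPLE_TOKEN_META, wp_fast_hash( $token ) );

	return $token;
}

/**
 * Check a presented token against the stored hash.
 */
function example_check_token( int $user_id, string $presented ): bool {
	$stored = get_user_meta( $user_id, EXAMPLE_TOKEN_META, true );

	// Fail closed when no hash is stored or the value is not in the
	// '$generic$' format that wp_fast_hash() produces.
	if ( ! is_string( $stored ) || ! str_starts_with( $stored, '$generic$' ) ) {
		return false;
	}

	return wp_verify_fast_hash( $presented, $stored );
}

/**
 * Revoke the token by deleting the stored hash.
 */
function example_revoke_token( int $user_id ): void {
	delete_user_meta( $user_id, EXAMPLE_TOKEN_META );
}
```

A value chosen by a person (a password or PIN) must never be passed through example_issue_token()-style storage; that case belongs to wp_hash_password().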
Parameters
$message string required
The message to hash.
Source
    function wp_fast_hash(
        #[SensitiveParameter]
        string $message
    ): string {
        $hashed = sodium_crypto_generichash( $message, 'wp_fast_hash_6.8+', 30 );
        return '$generic$' . sodium_bin2base64( $hashed, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING );
    }
Changelog
| Version | Description |
|---|---|
| 6.8.0 | Introduced. |