This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

Added a benchmark for the bcrypt cost parameter + fixed a unit test #26

Merged
merged 3 commits into from
May 9, 2016
21 changes: 21 additions & 0 deletions src/Password/Bcrypt.php
Expand Up @@ -155,4 +155,25 @@ public function getSalt()

return $this->salt;
}

/**
* Benchmark the bcrypt hash generation to determine the cost parameter
* based on time to target. The default time to test is 50 milliseconds
* which is a good baseline for systems handling interactive logins.
* If you increase the time you will get high cost with better security but
* you need to be careful because you can expose your system to DoS attacks.
*
* @see php.net/manual/en/function.password-hash.php#refsect1-function.password-hash-examples
*/
public function benchmarkCost($timeTarget = 0.05)
{
$cost = 8;
do {
$cost++;
$start = microtime(true);
password_hash("test", PASSWORD_BCRYPT, [ 'cost' => $cost ]);
$end = microtime(true);
} while (($end - $start) < $timeTarget);
return $cost;
}
}
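Review bot: the do/while loop in benchmarkCost() has no upper bound on $cost and no check on $timeTarget, so a large target keeps the caller blocked while each iteration roughly doubles the hashing time. Bcrypt's cost tops out at 31, so I would stop the loop there (for example `while ($cost < 31 && ($end - $start) < $timeTarget)`) and reject a non-positive $timeTarget up front. Each cost is timed with a single sample, which is noisy on a loaded host, and the value returned is the first cost whose hash time exceeded the target, not the last one under it; the docblock should say which of the two the caller gets. The docblock is also missing `@param float $timeTarget` and `@return int`.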
7 changes: 7 additions & 0 deletions test/Password/BcryptTest.php
Expand Up @@ -116,4 +116,11 @@ public function testGetSaltError()
{
$salt = $this->bcrypt->getSalt();
}

public function testBenchmarkCost()
{
$cost = $this->bcrypt->benchmarkCost();
$this->assertInternalType("int", $cost);
$this->assertTrue($cost > 8 && $cost < 32);
}
}
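Review bot: the combined assertion `$this->assertTrue($cost > 8 && $cost < 32)` in testBenchmarkCost() fails without showing the measured cost. Splitting it into assertGreaterThan(8, $cost) and assertLessThan(32, $cost) puts the value in the failure output. The test also only calls benchmarkCost() with its default argument, so the $timeTarget parameter is never exercised and the outcome depends on host speed; a call with a very small target should return 9, the first cost the loop tries, which gives a deterministic check.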
4 changes: 4 additions & 0 deletions test/SymmetricPluginManagerTest.php
Expand Up @@ -12,6 +12,7 @@
use Interop\Container\ContainerInterface;
use Zend\Crypt\SymmetricPluginManager;
use Zend\Crypt\Symmetric\SymmetricInterface;
use Zend\Crypt\Symmetric\Exception;

class SymmetricPluginManagerTest extends \PHPUnit_Framework_TestCase
{
Expand Down Expand Up @@ -43,6 +44,9 @@ public function testHas($symmetric)
*/
public function testGet($symmetric)
{
if (! extension_loaded($symmetric)) {
Contributor

The extension_loaded check can be placed before the new SymmetricPluginManager creation.

Contributor Author

@samsonasik why? The symmetric plugins are loaded only on the get() execution, not in the constructor of SymmetricPluginManager.

Contributor

I think we can skip the instantiation step if the extension is not loaded, and set the expected exception, because in the next line, the extension is used in the tests.

Warm regards,

Abdul Malik Ikhsan

On 6 May 2016, at 15.44, Enrico Zimuel [email protected] wrote:

In test/SymmetricPluginManagerTest.php:

@@ -44,6 +45,9 @@ public function testHas($symmetric)
public function testGet($symmetric)
{
$plugin = new SymmetricPluginManager();

  •    if (! extension_loaded($symmetric)) {
    
    @samsonasik why? The symmetric plugins are loaded only on the get() execution, not in the constructor of SymmetricPluginManager.



Contributor Author

@samsonasik ok, I will move it, not a big difference anyway.

$this->setExpectedException(Exception\RuntimeException::class);
}
$plugin = new SymmetricPluginManager();
$this->assertInstanceof(SymmetricInterface::class, $plugin->get($symmetric));
}
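Review bot: `extension_loaded($symmetric)` in testGet() uses the data-provider value both as the PHP extension name and as the plugin name passed to `$plugin->get($symmetric)`. That only holds while every plugin key matches its extension name exactly; a short comment stating the assumption, or a provider that yields the extension name alongside the plugin name, would stop the guard from going wrong unnoticed for a future plugin. Once the expectation is set, the assertInstanceof line is never reached on hosts without the extension, so that branch passes on any Exception\RuntimeException raised in the method, whatever its cause.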