Strong cryptography tools and password hashing

Overview

laminas-crypt

🇷🇺 To Russian citizens

We, the members of Laminas, were born and live in different countries. Many of us have friends, relatives and colleagues in both Russia and Ukraine. Some of us were born in Russia. Some of us live in Russia. Some have grandparents who fought the fascists in the Second World War. Nobody here supports fascism.

One of us has a Ukrainian relative who escaped from her home together with her son. The train was delayed because of bombing on the road ahead. We have friends who are hiding in bomb shelters. We anxiously wait for word from them after the air raids, which strike indiscriminately and hit hospitals, schools, kindergartens and houses. We are not taking this from any media. We are observing it directly.

You trust us enough to use our software, and we ask you to trust us once again. We need help. Go out and protest against this pointless war. Stop the bloodshed. Say "No to war!"

🇺🇸 To Citizens of Russia

We at Laminas come from all over the world. Many of us have friends, family and colleagues in both Russia and Ukraine. Some of us were born in Russia. Some of us currently live in Russia. Some have grandparents who fought Nazis in World War II. Nobody here supports fascism.

One team member has a Ukrainian relative who fled her home with her son. The train was delayed due to bombing on the road ahead. We have friends who are hiding in bomb shelters. We anxiously follow up on them after the air raids, which indiscriminately fire at hospitals, schools, kindergartens and houses. We're not taking this from any media. These are our actual experiences.

You trust us enough to use our software. We ask that you trust us to say the truth on this. We need your help. Go out and protest this unnecessary war. Stop the bloodshed. Say "stop the war!"

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee. If you have a security issue, please follow our security reporting guidelines. If you wish to take on the role of maintainer, please nominate yourself.


Laminas\Crypt provides a set of cryptographic tools. Among the available features are:

  • encrypt-then-authenticate using symmetric ciphers (the authentication step uses HMAC);
  • encrypt/decrypt using symmetric and public-key algorithms (e.g. RSA);
  • encrypt/decrypt in hybrid mode (OpenPGP-like);
  • generate digital signatures using public-key algorithms (e.g. RSA);
  • key exchange using the Diffie-Hellman method;
  • key derivation functions (e.g. PBKDF2);
  • secure password hashing (e.g. bcrypt);
  • generate hash values;
  • generate HMAC values.

The main scope of this component is to offer an easy and secure way to protect and authenticate sensitive data in PHP.

Comments
  • PHP 8.1 support

    | Q | A |
    | -------------- | ------ |
    | Documentation | no |
    | Bugfix | no |
    | BC Break | no |
    | New Feature | no |
    | RFC | no |
    | QA | no |

    Description

    Declared PHP 8.1 support. It has a dependency on the laminas-authentication package.

    Enhancement hacktoberfest-accepted 
    opened by konarshankar07 17
  • has() and get() function not compatible with psr/container 1.1.1 using declare_strict or preload

    BC Break Report

    | Q | A |
    | ------------ | ------ |
    | Version | 3.8.0 |

    Summary

    The current implementation of the has() and get() functions is not compatible with psr/container 1.1.1 when using opcache.preload or declare_strict:

    PHP Fatal error: Declaration of Laminas\Crypt\Symmetric\PaddingPluginManager::has(string $id) must be compatible with Psr\Container\ContainerInterface::has(string $id): bool in /var/www/.../vendor/laminas/laminas-crypt/src/Symmetric/PaddingPluginManager.php on line 32
    PHP Fatal error: Declaration of Laminas\Crypt\Symmetric\PaddingPluginManager::get($id) must be compatible with Psr\Container\ContainerInterface::get(string $id): object in /var/www/.../vendor/laminas/laminas-crypt/src/Symmetric/PaddingPluginManager.php on line 43

    Same for has and get in Laminas\Crypt\SymmetricPluginManager

    BC Break 
    opened by lampi87 8
  • Removal of `container-interop/container-interop`

    Feature Request

    | Q | A |
    | ------------ | ------ |
    | New Feature | yes |
    | BC Break | yes |

    Summary

    This issue is created to keep track of the status of getting rid container-interop in the laminas components.

    Enhancement 
    opened by boesing 6
  • Add Argon2i for password hashing

    This PR adds an extra class for the argon2i password hash algorithm introduced with PHP7.2.

    There are some open questions with this:

    1. Do we really want to have 1 new class for each algorithm PHP adds? "Argon2id" is just around the corner...

    2. PHP's password_verify() accepts currently both Bcrypt and Argon2i hashes. So basically you could either use the Bcrypt class or the Argon2i class to verify either hashes. This makes it pretty easy to migrate users from Bcrypt to Argon2i:

    • Use the new Argon2i class as the dependency
    • old bcrypt passwords are still verified correctly
    • new password will be created with argon2i
    3. Do we need a wrapper function for password_needs_rehash()? This would mean we need some kind of inter-class upgrade path (from class Bcrypt to Argon2i in future PHP versions). Although we don't know WHY password_needs_rehash() returns false: is it because of the algorithm or the cost value(s)?

    4. This class is marked as PHP 7.2+ only (it throws an exception in the constructor). Do we want to provide fallbacks of some kind for older PHP versions?

    5. Other than the algorithm, no other PHP 7.2+ specific features were used in this class (e.g. scalar type hints and return types), because a syntax error is much heavier and harder to catch than a constructor exception (pre-7.0). Should type hints and return types be added because it's a PHP 7.2+ class anyway?


    Originally posted by @MatthiasKuehneEllerhold at https://github.com/zendframework/zend-crypt/pull/58

    opened by weierophinney 5
  • Adds previously dynamic properties for PHP 8.2 compatibility

    At the moment, laminas-filter needs this for its CI to pass. See

    https://github.com/laminas/laminas-filter/pull/90

    and one of the run failures here

    https://github.com/laminas/laminas-filter/actions/runs/3717446853/jobs/6304805223

    Bug Won't Fix 
    opened by gsteel 4
  • Consider libsodium / sodium_compat for modern public-key crypto

    https://github.com/paragonie/sodium_compat#cryptography-primitives-provided

    Zend\Crypt users interested in modern ECC may want to see sodium_compat adopted in the near future. In particular, public-key encryption via ParagonIE_Sodium_Compat::crypto_box_seal() and digital signatures via ParagonIE_Sodium_Compat::crypto_sign_detached().

    I would, however, wait until sodium_compat has been audited first: https://github.com/paragonie/sodium_compat/issues/8


    Originally posted by @paragonie-scott at https://github.com/zendframework/zend-crypt/issues/43

    opened by weierophinney 3
  • Added support for PHP 8.1

    | Q | A |
    | -------------- | ------ |
    | Documentation | no |
    | Bugfix | no |
    | BC Break | no |
    | New Feature | yes |
    | RFC | no |
    | QA | no |

    Description

    Rebased and simplified version of #14, does not throw deprecation messages on PHP 8.1.

    Enhancement 
    opened by driehle 2
  • Replace `container-interop/container-interop`

    Replace deprecated container-interop/container-interop with psr/container

    "Package container-interop/container-interop is abandoned, you should avoid using it. Use psr/container instead."

    opened by mlapkin 2
  • Test failure on arm

    From Fedora QA https://apps.fedoraproject.org/koschei/package/php-zendframework-zend-crypt?collection=f28

    We encounter an erratic test suite failure:

    • Test suite fails when builder is an arm computer
    • Test suite passes everywhere else
    There were 4 failures:
    1) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorSalsa208Core
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f81'
    +'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f484900000000065397009'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:56
    2) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptBlockMix
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f8120edc975323881a80540f64c162dcd3c21077cfe5f8d5fe2b1a4168f953678b77d3b3d803b60e4ab920996e59b4d53b65d2a225877d5edf5842cb9f14eefe425'
    +'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f4849000000000653970092a7c7e69abf6e67f2bf8f0b400000000b769a515b7db8485d347f4e2abe448101012149261772322a53e07fdc1ba1c14f0f8df09abdae6ca620f98f800000000'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:90
    3) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptROMix
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'79ccc193629debca047f0b70604bf6b62ce3dd4a9626e355fafc6198e6ea2b46d58413673b99b029d665c357601fb426a0b2f4bba200ee9f0a43d19b571a9c71ef1142e65d5a266fddca832ce59faa7cac0b9cf1be2bffca300d01ee387619c4ae12fd4438f203a0e4e1c47ec314861f4e9087cb33396a6873e8f9d2539a4b8e'
    +'226231f300000000c5eefc3d0000000038da7f66d108c506ee48cef300000000e8b3ef4ffcf1b396d308bfe0c90c825800000000073b2afc3cf1324600000000f73554500000000099e71816a8457c49a8e6ce14a6af6b0e88636ac921c78dbe8b3ddc7f1e0c19bf8b30e6b0436369ec867beb125b63f26059db393c297e83f3'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:124
    4) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScrypt
    Failed asserting that two strings are equal.
    --- Expected
    +++ Actual
    @@ @@
    -'d33c6ec1818daaf728f55afadfeaa558b38efa81305b3521a7f12f4be097e84d184092d2a2e93bf71fd1efe052710f66b956ce45da43aa9099de7406d3a05e2a'
    +'caf1c85d0594b50d3ad3b16de5fcda6e5b814fa32bf16bdbd5b43e60af6b227f8496a2a619338c13a996a24d0d8e6bb014e499ba00823121524939f66b4f1c35'
    /builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:142
    

    P.S. arm is quite common on low cost devices (ex: raspberry pi)


    Originally posted by @remicollet at https://github.com/zendframework/zend-crypt/issues/53

    opened by weierophinney 2
  • Configure Renovate

    Mend Renovate

    Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

    🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


    Detected Package Files

    • composer.json (composer)
    • .github/workflows/auto-close.yml (github-actions)
    • .github/workflows/continuous-integration.yml (github-actions)
    • .github/workflows/docs-build.yml (github-actions)
    • .github/workflows/release-on-milestone-closed.yml (github-actions)

    Configuration Summary

    Based on the default config's presets, Renovate will:

    • Start dependency updates only once this onboarding PR is merged
    • Enable Renovate Dependency Dashboard creation.
    • Ignore node_modules, bower_components, vendor and various test/tests directories.
    • Automerge patch and minor upgrades if they pass tests.
    • If automerging, push the new commit directly to the base branch (no PR).
    • Wait for branch tests to pass or fail before creating the PR.
    • Rebase existing PRs any time the base branch has been updated.
    • Separate major versions of dependencies into individual branches/PRs.
    • Do not separate patch and minor upgrades into separate PRs for the same dependency.
    • Raise PR when vulnerability alerts are detected.
    • Evaluate schedules according to timezone UTC.
    • Append Signed-off-by: to signoff Git commits.
    • Apply label renovate to PRs.
    • Group all minor and patch updates together.
    • Default configuration for repositories in the Laminas organisation

    🔑 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.


    What to Expect

    With your current configuration, Renovate will create 2 Pull Requests:

    chore(deps): update dependency psr/container to v2
    • Schedule: ["at any time"]
    • Branch name: renovate/psr-container-2.x
    • Merge into: 3.9.x
    • Upgrade psr/container to ^1.1 || ^2.0
    chore(deps): lock file maintenance
    • Schedule: ["before 2am"]
    • Branch name: renovate/lock-file-maintenance
    • Merge into: 3.9.x
    • Regenerate lock files to use latest dependency versions

    ❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.


    Read more information about the use of Renovate Bot within Laminas.

    renovate 
    opened by renovate[bot] 1
  • Prepare for Renovate-Bot

    | Q | A |
    | -------------- | ------ |
    | Documentation | no |
    | Bugfix | no |
    | BC Break | no |
    | New Feature | yes |
    | RFC | yes |
    | QA | yes |

    Description

    This patch prepares for the Renovate-Bot, performing the following changes:

    • DROPS support for PHP 7.3
    • Updates to Laminas CI 2.3 series (disabling strict types sniff), and applies automated and manual phpcs fixes as flagged by the Laminas CS
    • Adds a platform PHP configuration settings
    • Updates the CI and release workflows to use the automated workflows
    Enhancement 
    opened by weierophinney 1
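The bcrypt-to-Argon2i migration path discussed in the "Add Argon2i for password hashing" PR above, as an added example that is not laminas-crypt's own code: it relies only on PHP's built-in password_* functions, so password_verify() accepts both hash formats, and password_get_info() is used to tell an algorithm change from a cost change once password_needs_rehash() asks for an upgrade. The work factors and the sample password are assumed values.

```php
<?php
// Added example, not laminas-crypt code: bcrypt -> argon2i migration using
// only PHP's built-in password_* functions (PHP 7.2+ for PASSWORD_ARGON2I).
declare(strict_types=1);

// Work factors chosen for illustration; tune them to your hardware.
const BCRYPT_OPTIONS  = ['cost' => 12];
const ARGON2I_OPTIONS = ['memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1];

/** Preferred algorithm: argon2i if this PHP build has it, else bcrypt. */
function preferredAlgo(): array
{
    // PASSWORD_ARGON2I is only defined when PHP was built with argon2 support.
    if (defined('PASSWORD_ARGON2I')) {
        return [PASSWORD_ARGON2I, ARGON2I_OPTIONS];
    }
    return [PASSWORD_BCRYPT, BCRYPT_OPTIONS];
}

/** New passwords are always stored with the preferred algorithm. */
function hashPassword(string $password): string
{
    [$algo, $options] = preferredAlgo();
    return password_hash($password, $algo, $options);
}

/**
 * Verify against a stored hash of either algorithm; if the hash is
 * outdated, return a replacement and the reason it was outdated.
 * Returns [bool $verified, ?string $newHash, string $reason].
 */
function verifyAndUpgrade(string $password, string $storedHash): array
{
    // password_verify() reads the algorithm from the hash prefix ($2y$ or
    // $argon2i$), so one call covers legacy bcrypt and new argon2i hashes.
    if (! password_verify($password, $storedHash)) {
        return [false, null, 'verification failed'];
    }

    [$algo, $options] = preferredAlgo();
    if (! password_needs_rehash($storedHash, $algo, $options)) {
        return [true, null, 'hash is current'];
    }

    // password_needs_rehash() does not say why; password_get_info() lets us
    // distinguish an algorithm change from a change of cost parameters.
    $info     = password_get_info($storedHash);
    $wantName = $algo === PASSWORD_BCRYPT ? 'bcrypt' : 'argon2i';
    $reason   = $info['algoName'] !== $wantName
        ? 'algorithm changed: ' . $info['algoName'] . ' -> ' . $wantName
        : 'parameters changed: ' . json_encode($info['options']);

    // Rehashing is only possible here, while the plaintext is in hand.
    return [true, password_hash($password, $algo, $options), $reason];
}

// Demonstration: a constructed legacy bcrypt hash at a lower cost than
// BCRYPT_OPTIONS, so an upgrade is reported on either kind of PHP build.
$legacy = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $newHash, $why] = verifyAndUpgrade('correct horse battery staple', $legacy);
printf("verified=%s rehash=%s reason=%s\n", var_export($ok, true), $newHash === null ? 'no' : 'yes', $why);
printf("fresh hash algo=%s\n", password_get_info(hashPassword('another assumed password'))['algoName']);
```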
Releases: 3.9.0

Owner: Laminas Project (Laminas components and MVC)