base\Security generatePasswordHash()

generatePasswordHash() public method

Generates a secure hash from a password and a random salt. The generated hash can be stored in a database. Later, when a password needs to be validated, the hash can be fetched and passed to validatePassword(). For example:

    // generates the hash (usually done during user registration or when the password is changed)
    $hash = Yii::$app->getSecurity()->generatePasswordHash($password);
    // ...save $hash in database...
    // during login, validate if the pass

base\Security encryptByKey()

encryptByKey() public method

Encrypts data using a cryptographic key. Derives keys for encryption and authentication from the input key using HKDF and a random salt, which is very fast relative to encryptByPassword(). The input key must be properly random -- use generateRandomKey() to generate keys. The encrypted data includes a keyed message authentication code (MAC) so there is no need to hash input or output data.

See also: decryptByKey(), encryptByPassword().

    public string encryptByKey

base\Security decrypt()

decrypt() protected method

Decrypts data. See also encrypt().

    protected boolean|string decrypt ( $data, $passwordBased, $secret, $info )

    $data           string   Encrypted data to be decrypted.
    $passwordBased  boolean  Set true to use password-based key derivation
    $secret         string   The decryption password or key
    $info           string   Context/application specific information, see encrypt()
    return          boolean|string  The decrypted data or false on authentication failure
    throws          yii\base\InvalidConfigException

base\Security decryptByKey()

decryptByKey() public method

Verifies and decrypts data encrypted with encryptByKey(). See also encryptByKey().

    public boolean|string decryptByKey ( $data, $inputKey, $info = null )

    $data      string  The encrypted data to decrypt
    $inputKey  string  The input to use for encryption and authentication
    $info      string  Optional context and application specific information, see hkdf()
    return     boolean|string  The decrypted data or false on authentication failure
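The construction described for encryptByKey() and decryptByKey() (HKDF with a random salt, separate encryption and authentication keys, a MAC verified before decryption, false on authentication failure), as an added plain-PHP sketch. It is not Yii's code or its ciphertext format; the function names, the AES-128-CBC choice, the byte layout and the '|auth' label are assumptions made for the example.

```php
<?php
// Added illustration; NOT Yii's implementation or its ciphertext format.
// Function names, byte layout and the '|auth' label are assumptions.
const KDF_HASH = 'sha256';      // same value as the $kdfHash default
const CIPHER   = 'aes-128-cbc'; // assumed cipher for this sketch
const KEY_LEN  = 16;
const SALT_LEN = 16;
const MAC_LEN  = 32;            // raw SHA-256 HMAC length

function sketchEncryptByKey(string $data, string $inputKey, string $info = ''): string
{
    $salt = random_bytes(SALT_LEN);
    // Two independent keys from one input key, both bound to $info and the salt.
    $encKey  = hash_hkdf(KDF_HASH, $inputKey, KEY_LEN, $info, $salt);
    $authKey = hash_hkdf(KDF_HASH, $inputKey, KEY_LEN, $info . '|auth', $salt);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($data, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    // Encrypt-then-MAC over every byte the receiver will parse.
    $mac = hash_hmac(KDF_HASH, $salt . $iv . $ct, $authKey, true);
    return $salt . $mac . $iv . $ct;
}

/** @return string|false plaintext, or false on authentication failure */
function sketchDecryptByKey(string $blob, string $inputKey, string $info = '')
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if (strlen($blob) < SALT_LEN + MAC_LEN + $ivLen) {
        return false;
    }
    $salt = substr($blob, 0, SALT_LEN);
    $mac  = substr($blob, SALT_LEN, MAC_LEN);
    $body = substr($blob, SALT_LEN + MAC_LEN); // iv . ciphertext
    $authKey  = hash_hkdf(KDF_HASH, $inputKey, KEY_LEN, $info . '|auth', $salt);
    $expected = hash_hmac(KDF_HASH, $salt . $body, $authKey, true);
    // Constant-time MAC check before any decryption is attempted.
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    $encKey = hash_hkdf(KDF_HASH, $inputKey, KEY_LEN, $info, $salt);
    $iv = substr($body, 0, $ivLen);
    return openssl_decrypt(substr($body, $ivLen), CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
}

$key  = random_bytes(32); // properly random input key, as the page requires
$blob = sketchEncryptByKey('session data', $key, 'user:42'); // constructed sample
var_dump(sketchDecryptByKey($blob, $key, 'user:42')); // matching key and context
var_dump(sketchDecryptByKey($blob, $key, 'user:43')); // different context string
$blob[strlen($blob) - 1] = chr(ord($blob[strlen($blob) - 1]) ^ 1); // flip one bit
var_dump(sketchDecryptByKey($blob, $key, 'user:42')); // tampered ciphertext
```

hash_hkdf() requires PHP 7.1.2 or later. Callers must compare the result against false with ===, since an empty or "0" plaintext is also falsy.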

base\Security encrypt()

encrypt() protected method

Encrypts data. See also decrypt().

    protected string encrypt ( $data, $passwordBased, $secret, $info )

    $data           string   Data to be encrypted
    $passwordBased  boolean  Set true to use password-based key derivation
    $secret         string   The encryption password or key
    $info           string   Context/application specific information, e.g. a user ID. See RFC 5869 Section 3.2 for more details.
    return          string   The encrypted data
    throws          yii\base\InvalidConfigException on OpenSSL not loade

base\Security decryptByPassword()

decryptByPassword() public method

Verifies and decrypts data encrypted with encryptByPassword(). See also encryptByPassword().

    public boolean|string decryptByPassword ( $data, $password )

    $data      string  The encrypted data to decrypt
    $password  string  The password to use for decryption
    return     boolean|string  The decrypted data or false on authentication failure

base\Security compareString()

compareString() public method

Performs string comparison using a timing-attack-resistant approach. See also http://codereview.stackexchange.com/questions/13512.

    public boolean compareString ( $expected, $actual )

    $expected  string   String to compare.
    $actual    string   User-supplied string.
    return     boolean  Whether strings are equal.

base\Security $passwordHashCost

$passwordHashCost public property (available since version 2.0.6)

Default cost used for password hashing. The allowed value is between 4 and 31. See also generatePasswordHash().

    public integer $passwordHashCost = 13

base\Security $passwordHashStrategy

$passwordHashStrategy public property

Strategy that should be used to generate the password hash. Available strategies:

    'password_hash' - use the PHP password_hash() function with the PASSWORD_DEFAULT algorithm. This option is recommended, but it requires PHP version >= 5.5.0
    'crypt' - use the PHP crypt() function.

    public string $passwordHashStrategy = null

base\Security $kdfHash

$kdfHash public property

Hash algorithm for key derivation. sha256, sha384 or sha512 are recommended. See also \yii\base\hash_algos().

    public string $kdfHash = 'sha256'