encryptByPassword() public method Encrypts data using a password. Derives keys for encryption and authentication from the password using PBKDF2 and a random salt, which is deliberately slow to protect against dictionary attacks. Use encryptByKey() to encrypt fast using a cryptographic key rather than a password. Key derivation time is determined by $derivationIterations, which should be set as high as possible. The encrypted data includes a keyed message authentication code (MAC) so there i

encryptByKey() public method Encrypts data using a cryptographic key. Derives keys for encryption and authentication from the input key using HKDF and a random salt, which is very fast relative to encryptByPassword(). The input key must be properly random -- use generateRandomKey() to generate keys. The encrypted data includes a keyed message authentication code (MAC) so there is no need to hash input or output data. See also: decryptByKey() encryptByPassword() public string encryptByKey

encrypt() protected method Encrypts data. See also decrypt(). protected string encrypt ( $data, $passwordBased, $secret, $info )$data string Data to be encrypted $passwordBased boolean Set true to use password-based key derivation $secret string The encryption password or key $info string Context/application specific information, e.g. a user ID See RFC 5869 Section 3.2 for more details. return string The encrypted data throws yii\base\InvalidConfigException on OpenSSL not loade

decryptByPassword() public method Verifies and decrypts data encrypted with encryptByPassword(). See also encryptByPassword(). public boolean|string decryptByPassword ( $data, $password )$data string The encrypted data to decrypt $password string The password to use for decryption return boolean|string The decrypted data or false on authentication failure

decryptByKey() public method Verifies and decrypts data encrypted with encryptByKey(). See also encryptByKey(). public boolean|string decryptByKey ( $data, $inputKey, $info = null )$data string The encrypted data to decrypt $inputKey string The input to use for encryption and authentication $info string Optional context and application specific information, see hkdf() return boolean|string The decrypted data or false on authentication failure

decrypt() protected method Decrypts data. See also encrypt(). protected boolean|string decrypt ( $data, $passwordBased, $secret, $info )$data string Encrypted data to be decrypted. $passwordBased boolean Set true to use password-based key derivation $secret string The decryption password or key $info string Context/application specific information, @see encrypt() return boolean|string The decrypted data or false on authentication failure throws yii\base\InvalidConfigException

compareString() public method Performs string comparison using timing attack resistant approach. See also http://codereview.stackexchange.com/questions/13512. public boolean compareString ( $expected, $actual )$expected string String to compare. $actual string User-supplied string. return boolean Whether strings are equal.

$passwordHashStrategy public property Strategy, which should be used to generate password hash. Available strategies: 'password_hash' - use of PHP password_hash() function with PASSWORD_DEFAULT algorithm. This option is recommended, but it requires PHP version >= 5.5.0 'crypt' - use PHP crypt() function. public string $passwordHashStrategy = null

$passwordHashCost public property (available since version 2.0.6) Default cost used for password hashing. Allowed value is between 4 and 31. See also generatePasswordHash(). public integer $passwordHashCost = 13

$macHash public property Hash algorithm for message authentication. Recommend sha256, sha384 or sha512. See also \yii\base\hash_algos(). public string $macHash = 'sha256'