PHP Classes

ghostHash: Generate and verify quick and strong key hashes

Recommend this page to a friend!
  Info   View files Example   View files View files (4)   DownloadInstall with Composer Download .zip   Reputation   Support forum (2)   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStar 58%Total: 187 All time: 8,625 This week: 571Up
Version License PHP version Categories
ghosthash 1.0GNU General Publi...5.5Cryptography


This class can generate and verify quick and strong key hashes.

It can generate hashes for given keys using quick method using optional salt and pepper values, and strong methods that use PHP password hashing functions.

The class can also validate hashes for given keys.

It can also calculate the cost value for strong hashing based on the time that it should take to compute the hash.

Innovation Award
PHP Programming Innovation award nominee
January 2016
Number 5
Nowadays, strong password hashing methods apply the same hashing algorithms multiple times to increase the cost of brute force attacks meant to find the passwords stored as hashes.

Increasing the number of iterations also increases the cost of those brute force methods making them practically enviable.

So one question remains, how many iterations are enough to apply those hashing algorithms to make them secure enough?

This class can provide some help to determine a minimum number of iterations for current hardware by applying the hashing algorithm enough times to exceed a given minimum length of time that you want the hashing to take.

Manuel Lemos
Picture of Dave Smith
  Performance   Level  
Name: Dave Smith is available for providing paid consulting. Contact Dave Smith .
Classes: 51 packages by
Country: United States United States
Age: 59
All time rank: 608 in United States United States
Week rank: 16 Up2 in United States United States Up
Innovation award
Innovation award
Nominee: 32x

Winner: 7x



//ghostHash 1.0 example usage

$key = 'thisismypassword';

$salt = 'addadashofsalt';

//checking to see if ghostHash is pre-loaded
if( !method_exists('ghostHash','quickHash') ){
'<br>ghostHash is not pre-loaded, attempting to find file';
    if( !
is_file('ghost.class.php') ){
'<br>ghost.class.php file not found, aborting';
'<br>ghostHash found, loading file. You should consider pre-loading the file';
'<br>Good news, ghostHash is pre-loaded in the system';

//example usage
echo "<hr>Returning a quick hash -> ghostHash::quickHash(string key[,string salt=''][,string pepper=''])";
$hash = ghostHash::quickHash($key,$salt);

"<hr>Verifying the quick hash -> ghostHash::verifyQuickHash(string key, string hash[,string salt=''][,string pepper=''])";
$result = ghostHash::verifyQuickHash($key,$hash,$salt);
echo (
$result === true ) ? 'Verified' : 'Failed verification';

"<hr>Getting the best cost value -> ghostHash::calculateCost(void)";
$cost = ghostHash::calculateCost();

"<hr>Returning a strong hash -> ghostHash::strongHash(string key[,cost=10])";
$hash = ghostHash::strongHash($key,$cost);

"<hr>Verifying the strong hash -> ghostHash::verifyStrongHash(string key, string hash)";
$result = ghostHash::verifyStrongHash($key,$hash);
echo (
$result === true ) ? 'Verified' : 'Failed verification';

"<hr>Determine if strong hash needs to be rehashed -> ghostHash::newStrongHash(string hash[,int cost=10])";
$result = ghostHash::newStrongHash($hash,$cost);
echo (
$result === true ) ? 'Needs a new hash' : 'Hash properties are good';

"<hr>Getting information on strong hash -> ghostHash::strongHashInfo(string hash)";


Class: ghostHash Version: 1.0 11/10/2015 Copyright 2015 Wagon Trader, All Rights Reserved Description: This class is developed to be a secure key hashing application pre-loaded on the system. Files: ghosthash.class.php - Main class example.php - Usage examples Installation: The ghosthash.class.php file is intended to be pre-loaded onto the system. Follow these instructions for the best security. Upload the ghosthash.class.php file into a private folder which is not web accessible. Depending on your servers file system, this could be the /usr/ or /private/ folders. If you are not sure which folder to use, your server administrator should be able to help. If you only have access to public web accessible folders, that is okay, go ahead and upload the ghosthash.class.php file there. Web accessible folders will be 'public_html', /www/ or something similar. Change the auto_prepend_file setting in your php.ini file to load the ghosthash.class.php file. You must include the full path to file, so the instruction would look something like... auto_prepend_file = "/full/path/to/ghosthash.class.php" replacing /full/path/to/ with the actual path to the file. If you do not have access to the php.ini file, you can change the setting in your .htaccess file by including the line... php_value auto_prepend_file /full/path/to/ghosthash.class.php replacing /full/path/to/ with the actual path to the file. If you do not have access to the php.ini file or are not allowed to change php settings within the .htaccess file, you will need to get further instructions from your server admin to complete this step. If all else fails, do not worry, you can always include the ghosthash.class.php script inside your php scripts, however this is less secure when using quick hash methods. The example.php file can be included within your public document root and accessed through your browser to see ghostHash in action. Configuration: You should change the $pepper values in the ghost.class.php to a unique string only known to you. This variable is located in both the quickHash and verifyQuickHash methods and should be exaclty the same text in each. If you should want to use ghostHash as an object, you can uncomment the last line in the ghosthash.class.php file to automatically instantiate the class. This is not neccessary, since ghostHash was designed to be used staticly. Method Usage: ghostHash::quickHash(string key[,string salt=''][,string pepper='']) Use the quickHash method to return a fairly secure hash of the supplied key. You can salt the key by optionally supplying a salt string. You can over-ride the default pepper string by optionally supplying one. Returns a 32 character hash. ghostHash::verifyQuickHash(string key, string hash[,string salt=''][,string pepper='']) Use the verifyQuickHash method to verify the supplied key is valid for the supplied hash. If you supplied salt or pepper when generating the hash, you must supply them here as well. Returns true if valid or false if invalid ghostHash::strongHash(string key[,cost=10]) Use the strongHash method to generate a very strong hash for the supplied key The optional cost value can be supplied to set the computational cost based on your system, the calculateCost method can be used to get the best value. Returns a 60 charachter hash. This may increase in the future, is is best to store these hashes in a 255 character field. ghostHash::calculateCost(void) Use the calculateCost method to determine the best cost value used with strong hashes. Returns the best cost value to use. ghostHash::verifyStrongHash(string key, string hash) Use the verifyStrongHash method to verify the supplied key is valid for the supplied hash. Returns true if valid or false if invalid ghostHash::newStrongHash(string hash[,int cost=10]) Use the newStrongHash method to determine if a new hash should be generated. If there has been a change in the best cost or hashing algorythm, this method can be used to check that the supplied hash meets these standards. Returns true if a new hash should be generated or false if the hash is still within standards. ghostHash::strongHashInfo(string hash) Use the strongHashInfo method to get information on the supplied hash. Returns an array of algo (algorythm used), algoName (human readable name of algorythm) and options used to generate the algorythm. Changelog 1.0 Initial release

  Files folder image Files  
File Role Description
Accessible without login Plain text file example.php Example Example Usage
Plain text file ghosthash.class.php Class Main Class
Accessible without login Plain text file license.txt Lic. License
Accessible without login Plain text file manual.txt Doc. Documentation

 Version Control Unique User Downloads Download Rankings  
This week:0
All time:8,625
This week:571Up
User Ratings User Comments (1)
 All time
keyHash = md5($pepper.
8 years ago (Filip Oscadal)