32, 'haval128,3' => 128, 'haval160,3' => 128, 'haval192,3' => 128, 'haval224,3' => 128, 'haval256,3' => 128, 'haval128,4' => 128, 'haval160,4' => 128, 'haval192,4' => 128, 'haval224,4' => 128, 'haval256,4' => 128, 'haval128,5' => 128, 'haval160,5' => 128, 'haval192,5' => 128, 'haval224,5' => 128, 'haval256,5' => 128, 'md2' => 16, 'md4' => 64, 'md5' => 64, 'ripemd128' => 64, 'ripemd160' => 64, 'ripemd256' => 64, 'ripemd320' => 64, 'salsa10' => 64, 'salsa20' => 64, 'sha1' => 64, 'sha224' => 64, 'sha256' => 64, 'sha384' => 128, 'sha512' => 128, 'snefru' => 32, 'snefru256' => 32, 'tiger128,3' => 64, 'tiger160,3' => 64, 'tiger192,3' => 64, 'tiger128,4' => 64, 'tiger160,4' => 64, 'tiger192,4' => 64, 'whirlpool' => 64 ); if (isset($block_sizes[$algo], $password[$block_sizes[$algo]])) { $password = hash($algo, $password, true); } $hash = ''; // Note: Blocks are NOT 0-indexed for ($bc = (int) ceil($length / $hash_length), $bi = 1; $bi <= $bc; $bi++) { $key = $derived_key = hash_hmac($algo, $salt . pack('N', $bi), $password, true); for ($i = 1; $i < $iterations; $i++) { $derived_key ^= $key = hash_hmac($algo, $key, $password, true); } $hash .= $derived_key; } // This is not RFC-compatible, but we're aiming for natural PHP compatibility if (! $raw_output) { $hash = bin2hex($hash); } return defined('MB_OVERLOAD_STRING') ? mb_substr($hash, 0, $length, '8bit') : substr($hash, 0, $length); } }