mhash_keygen_s2k() generates a key of bytes length from a user-given password , using the hash hash . This produces the "Salted S2K" data element described in RFC 2440. This function can be used to compute checksums, message digests, and other signatures.
The salt is a random piece of data used to generate the key. To check the key, you must also know the salt , so it's a good idea to append the salt to the key for checking. As long as password is not sent as well, your hash is still secure. In addition, salt has a fixed length of 8 bytes and will be padded with zeros if you supply fewer bytes.
PHP Functions Essential Reference. Copyright © 2002 by New Riders Publishing (Authors: Zak Greant, Graeme Merrall, Torben Wilson, Brett Michlitsch). This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). The authors of this book have elected not to choose any options under the OPL. This online book was obtained from http://www.fooassociates.com/phpfer/ and is designed to provide information about the PHP programming language, focusing on PHP version 4.0.4 for the most part. The information is provided on an as-is basis, and no warranty or fitness is implied. All persons and entities shall have neither liability nor responsibility to any person or entity with respect to any loss or damage arising from the information contained in this book.