<?php

# smh = sequential memory-hard
# smh = scripting memory (not so) high

function smhkdf($in, $salt, $m_cost)
{
	$log2_k = 2;
	$blocksize1 = 128 - 16 - 1 - 64;
	$blocksize2 = (128 << $log2_k) - 16 - 1 - 64;

	$m_cost_min = max(2, 1 << $log2_k, ($blocksize2 + 63) >> 6);
	if ($m_cost < $m_cost_min)
		$m_cost = $m_cost_min;

	$v = '';
	$x = hash('sha512', $in, TRUE) . $salt;
	$count = $m_cost >> 1;
	do {
		$v .= $x = hash('sha512', $x, TRUE);
	} while (--$count);

	$count = $m_cost >> 1;
	$mod = ($count * 64) - $blocksize1 + 1;
	$count = $m_cost - $count; // In case it was odd
	$i = 0;
	do {
		$ja = unpack('V', $x);
		$j = $i + ($ja[1] & 0x7fffffff) % $mod;
		$i += 64;
		$v .= $x = hash('sha512', $x . substr($v, $j, $blocksize1), TRUE);
	} while (--$count);

	$mod = ($m_cost * 64) - $blocksize2 + 1;
	$count = $m_cost >> $log2_k;
	do {
		$ja = unpack('V', $x);
		$j = ($ja[1] & 0x7fffffff) % $mod;
		$x = hash('sha512', $x . substr($v, $j, $blocksize2), TRUE);
	} while (--$count);

	$x = substr($x, -32);

	return $x;
}

$m_cost = 1024*1024/64; # 1 MiB
#$m_cost = 1024; # 64 KiB
for ($i = 0; $i < 10; $i++) {
	$dk = smhkdf('password', 'salt', $m_cost);
}
echo base64_encode($dk), "\n";

?>