Menu Samaritan's Purse

CRYPT

One-way string hashing

SYNTAX

crypt ( string $str [, string $salt ] ) : string

PARAMETERS

str

The string to be hashed.

Caution: Using the CRYPT_BLOWFISH algorithm, will result in the str parameter being truncated to a maximum length of 72 characters.

salt

An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results.

CRYPT_STD_DES Standard DES-based hash 2-character salt (./0-9A-Za-z) Invalid characters will cause crypt() to fail.
CRYPT_EXT_DES Extended DES-based hash _, 4-character iteration count (./0-9A-Za-z), 4-character salt (./0-9A-Za-z) Iteration count is least significant character first. Invalid characters will cause crypt() to fail.
CRYPT_MD5 MD5 hash $, 1, $, 8-character salt (./0-9A-Za-z)
CRYPT_BLOWFISH Blowfish hash $, 2, (a, x, or y), $, 2-digit cost parameter (04-31), $, 22-character salt (./0-9A-Za-z) Cost parameter is a base-2 logarithm of iteration count. Invalid characters will cause crypt() to fail. Versions before PHP 5.3.7 only support a. Developers targeting PHP 5.3.7 and after should use y.
CRYPT_SHA256 SHA-256 hash $, 5, $, rounds=N, $, 16-character salt (./0-9A-Za-z) If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
CRYPT_SHA512 SHA-512 hash $, 6, $, rounds=N, $, 16-character salt (./0-9A-Za-z) If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

RETURN

Returns the hashed string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure.

Warning: When validating passwords, a string comparison function that isn't vulnerable to timing attacks should be used to compare the output of crypt() to the previously known hash. PHP 5.6 onwards provides hash_equals() for this purpose.

EXAMPLES

STR

$1$ai4B8m6c$0/lG8UQ7LoWxUpAbzYhsR0

SALT | CRYPT_STD_DES

sayVb7E97UXnw

SALT | CRYPT_EXT_DES

_/...salt6YwXDHP2276

SALT | CRYPT_MD5

$1$saltsalt$//251epTQaKpm7/bnAD.Z.

SALT | CRYPT_BLOWFISH

$2y$04$saltsaltsaltsaltsaltsOMyjFe2zExA60l6hOHLHrzARx3d4ocdm

SALT | CRYPT_SHA256

$5$rounds=1000$saltsaltsaltsalt$MGplem7k.ETOIzMr9v5aFywt8yUut4NzOhIuCU5seo1

SALT | CRYPT_SHA512

$6$rounds=1000$saltsaltsaltsalt$G3Axd1JO/txNBJ00lZWo9d.TXrxn0frJLx3tcCyLDJRjf/LbwpwguUZD2gnisUfVSLr7qZALJkwR.6Kb/2g4G.

HASH_EQUALS

password verified

PHP