Jesus · Bible · HTML · CSS · JS · PHP · SVG · Applications

crypt

Description

The crypt of String for PHP one-way string hashing.

Syntax

crypt(
    string $string,
    string $salt
): string

Parameters

string

The string to be hashed.

CAUTION: Using the CRYPT_BLOWFISH algorithm, will result in the string parameter being truncated to a maximum length of 72 characters.

salt

An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results.

CRYPT_STD_DESStandard DES-based hash2-character salt (./0-9A-Za-z)Invalid characters will cause crypt() to fail.
CRYPT_EXT_DESExtended DES-based hash_, 4-character iteration count (./0-9A-Za-z), 4-character salt (./0-9A-Za-z)Iteration count is least significant character first. Invalid characters will cause crypt() to fail.
CRYPT_MD5MD5 hash$, 1, $, 8-character salt (./0-9A-Za-z)
CRYPT_BLOWFISHBlowfish hash$, 2, (a, x, or y), $, 2-digit cost parameter (04-31), $, 22-character salt (./0-9A-Za-z)Cost parameter is a base-2 logarithm of iteration count. Invalid characters will cause crypt() to fail. Versions before PHP 5.3.7 only support a. Developers targeting PHP 5.3.7 and after should use y.
CRYPT_SHA256SHA-256 hash$, 5, $, rounds=N, $, 16-character salt (./0-9A-Za-z)If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
CRYPT_SHA512SHA-512 hash$, 6, $, rounds=N, $, 16-character salt (./0-9A-Za-z)If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

Return

Returns the hashed string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure.

Warning: When validating passwords, a string comparison function that isn't vulnerable to timing attacks should be used to compare the output of crypt() to the previously known hash. PHP 5.6 onwards provides hash_equals() for this purpose.

Examples

1 · string salt · CRYPT_STD_DES

<?

if(CRYPT_STD_DES == 1)
{
    $string = 'mypassword';
    $salt = 'sa';

    $return = crypt($string, $salt);

    echo $return;
}

?>
sayVb7E97UXnw

2 · string salt · CRYPT_EXT_DES

<?

if(CRYPT_EXT_DES == 1)
{
    $string = 'mypassword';
    $salt = '_/...salt';
    
    $return = crypt($string, $salt);

    echo $return;
}

?>
_/...salt6YwXDHP2276

3 · string salt · CRYPT_MD5

<?

if(CRYPT_MD5 == 1)
{
    $string = 'mypassword';
    $salt = '$1$saltsalt';
    
    $return = crypt($string, $salt);

    echo $return;
}

?>
$1$saltsalt$//251epTQaKpm7/bnAD.Z.

4 · string salt · CRYPT_BLOWFISH

<?

if(CRYPT_BLOWFISH == 1)
{
    $string = 'mypassword';
    $salt = '$2y$04$saltsaltsaltsaltsaltsa';
    
    $return = crypt($string, $salt);

    echo $return;
}

?>
$2y$04$saltsaltsaltsaltsaltsOMyjFe2zExA60l6hOHLHrzARx3d4ocdm

5 · string salt · CRYPT_SHA256

<?

if(CRYPT_SHA256 == 1)
{
    $string = 'mypassword';
    $salt = '$5$rounds=1000$saltsaltsaltsalt';
    
    $return = crypt($string, $salt);

    echo $return;
}

?>
$5$rounds=1000$saltsaltsaltsalt$MGplem7k.ETOIzMr9v5aFywt8yUut4NzOhIuCU5seo1

6 · string salt · CRYPT_SHA512

<?

if(CRYPT_SHA512 == 1)
{
    $string = 'mypassword';
    $salt = '$6$rounds=1000$saltsaltsaltsalt';
    
    $return = crypt($string, $salt);

    echo $return;
}

?>
$6$rounds=1000$saltsaltsaltsalt$G3Axd1JO/txNBJ00lZWo9d.TXrxn0frJLx3tcCyLDJRjf/LbwpwguUZD2gnisUfVSLr7qZALJkwR.6Kb/2g4G.

7 · hash_equals

<?

// pass the return of crypt() as the salt for comparing a password to avoid problems when different hashing algorithms are used

$string = 'mypassword';
$salt = 'sa';

$return = crypt($string, $salt);

if(hash_equals($return, crypt($string, $return)))
{
    echo "password verified";
}

?>
password verified
HomeMenu