crypt
Description
Syntax
crypt( string $string, string $salt ): string
Parameters
string
The string to be hashed.
CAUTION: Using the CRYPT_BLOWFISH algorithm will result in the string parameter being truncated to a maximum length of 72 characters.
salt
An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results.
Algorithm | Description | Salt format | Notes |
CRYPT_STD_DES | Standard DES-based hash | 2-character salt (./0-9A-Za-z) | Invalid characters will cause crypt() to fail. |
CRYPT_EXT_DES | Extended DES-based hash | _, 4-character iteration count (./0-9A-Za-z), 4-character salt (./0-9A-Za-z) | Iteration count is least significant character first. Invalid characters will cause crypt() to fail. |
CRYPT_MD5 | MD5 hash | $, 1, $, 8-character salt (./0-9A-Za-z) | |
CRYPT_BLOWFISH | Blowfish hash | $, 2, (a, x, or y), $, 2-digit cost parameter (04-31), $, 22-character salt (./0-9A-Za-z) | Cost parameter is a base-2 logarithm of iteration count. Invalid characters will cause crypt() to fail. Versions before PHP 5.3.7 only support a. Developers targeting PHP 5.3.7 and after should use y. |
CRYPT_SHA256 | SHA-256 hash | $, 5, $, rounds=N, $, 16-character salt (./0-9A-Za-z) | If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit. |
CRYPT_SHA512 | SHA-512 hash | $, 6, $, rounds=N, $, 16-character salt (./0-9A-Za-z) | If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit. |
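The 72-character truncation noted for CRYPT_BLOWFISH means two long inputs that share their first 72 bytes hash identically. The following is an added example, not code from the original page; it reuses the salt string from the page's CRYPT_BLOWFISH example, and the function names, constants and sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the original page.
// Salt string taken from the page's CRYPT_BLOWFISH example (fixed, demo only).
const DEMO_SALT = '$2y$04$saltsaltsaltsaltsaltsa';
// Truncation limit from the CAUTION above; crypt() works on bytes.
const BCRYPT_MAX_BYTES = 72;

// Hypothetical helper: true when crypt() cannot tell the two inputs apart.
function collidesUnderBlowfish(string $a, string $b): bool
{
    return hash_equals(crypt($a, DEMO_SALT), crypt($b, DEMO_SALT));
}

// Hypothetical guard: refuse input that CRYPT_BLOWFISH would silently truncate.
// strlen() counts bytes, so multibyte UTF-8 passwords are measured correctly.
function assertFitsBlowfish(string $password): void
{
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new LengthException(
            'Password exceeds ' . BCRYPT_MAX_BYTES . ' bytes and would be truncated'
        );
    }
}

// Constructed inputs: identical for the first 72 bytes, different afterwards.
$prefix = str_repeat('A', BCRYPT_MAX_BYTES);
$first  = $prefix . 'first-suffix';
$second = $prefix . 'second-suffix';

echo 'Inputs differing only after byte 72 collide: ';
var_dump(collidesUnderBlowfish($first, $second));

// Constructed inputs that differ inside the first 72 bytes, for comparison.
echo 'Inputs differing inside the first 72 bytes collide: ';
var_dump(collidesUnderBlowfish('mypassword', 'mypassworD'));

// Run the guard before hashing so over-long input is rejected, not truncated.
try {
    assertFitsBlowfish($first);
} catch (LengthException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```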
Return
Returns the hashed string. On failure, returns a string that is shorter than 13 characters and is guaranteed to differ from the salt.
Warning: When validating passwords, a string comparison function that isn't vulnerable to timing attacks should be used to compare the output of crypt() to the previously known hash. PHP 5.6 onwards provides hash_equals() for this purpose.
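One way to combine the failure return value and the timing-safe comparison described above into a hash/verify pair. This is an added example, not code from the original page; the function names and sample values are hypothetical, and it assumes CRYPT_SHA512 support and PHP 7 or later for random_bytes().

```php
<?php
// Added example, not from the original page. Function names are hypothetical.

// crypt() signals failure with a string shorter than 13 characters.
function isCryptFailure(string $result): bool
{
    return strlen($result) < 13;
}

function hashPassword(string $password, int $rounds = 5000): string
{
    // 12 random bytes base64-encode to exactly 16 characters with no padding;
    // '+' is mapped to '.' to stay inside the ./0-9A-Za-z salt alphabet.
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
    if (isCryptFailure($hash)) {
        throw new RuntimeException('crypt() failed; check algorithm support and salt format');
    }
    return $hash;
}

function verifyPassword(string $password, string $storedHash): bool
{
    // A stored failure marker must never verify, whatever the input.
    if (isCryptFailure($storedHash)) {
        return false;
    }
    // Passing the stored hash as the salt reuses its algorithm, rounds and salt.
    $candidate = crypt($password, $storedHash);
    if (isCryptFailure($candidate)) {
        return false;
    }
    // Constant-time comparison of the stored hash and the recomputed one.
    return hash_equals($storedHash, $candidate);
}

// Constructed sample values.
$stored = hashPassword('mypassword');
var_dump(verifyPassword('mypassword', $stored));   // matching password
var_dump(verifyPassword('wrong-guess', $stored));  // non-matching password
var_dump(verifyPassword('mypassword', '*0'));      // constructed failure-style stored value
```

PHP 5.5 and later also provide password_hash() and password_verify(), which handle salt generation and comparison on top of crypt().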
Examples
1 · string salt · CRYPT_STD_DES
<?php
// Hash with the standard DES-based algorithm and a 2-character salt
if (CRYPT_STD_DES == 1) {
    $string = 'mypassword';
    $salt = 'sa';
    $return = crypt($string, $salt);
    echo $return;
}
?>
sayVb7E97UXnw
2 · string salt · CRYPT_EXT_DES
<?php
// Hash with extended DES: '_', 4-character iteration count, 4-character salt
if (CRYPT_EXT_DES == 1) {
    $string = 'mypassword';
    $salt = '_/...salt';
    $return = crypt($string, $salt);
    echo $return;
}
?>
_/...salt6YwXDHP2276
3 · string salt · CRYPT_MD5
<?php
// Hash with MD5: '$1$' followed by an 8-character salt
if (CRYPT_MD5 == 1) {
    $string = 'mypassword';
    $salt = '$1$saltsalt';
    $return = crypt($string, $salt);
    echo $return;
}
?>
$1$saltsalt$//251epTQaKpm7/bnAD.Z.
4 · string salt · CRYPT_BLOWFISH
<?php
// Hash with Blowfish: '$2y$', 2-digit cost, '$', 22-character salt
if (CRYPT_BLOWFISH == 1) {
    $string = 'mypassword';
    $salt = '$2y$04$saltsaltsaltsaltsaltsa';
    $return = crypt($string, $salt);
    echo $return;
}
?>
$2y$04$saltsaltsaltsaltsaltsOMyjFe2zExA60l6hOHLHrzARx3d4ocdm
5 · string salt · CRYPT_SHA256
<?php
// Hash with SHA-256: '$5$', optional rounds=N, '$', 16-character salt
if (CRYPT_SHA256 == 1) {
    $string = 'mypassword';
    $salt = '$5$rounds=1000$saltsaltsaltsalt';
    $return = crypt($string, $salt);
    echo $return;
}
?>
$5$rounds=1000$saltsaltsaltsalt$MGplem7k.ETOIzMr9v5aFywt8yUut4NzOhIuCU5seo1
6 · string salt · CRYPT_SHA512
<?php
// Hash with SHA-512: '$6$', optional rounds=N, '$', 16-character salt
if (CRYPT_SHA512 == 1) {
    $string = 'mypassword';
    $salt = '$6$rounds=1000$saltsaltsaltsalt';
    $return = crypt($string, $salt);
    echo $return;
}
?>
$6$rounds=1000$saltsaltsaltsalt$G3Axd1JO/txNBJ00lZWo9d.TXrxn0frJLx3tcCyLDJRjf/LbwpwguUZD2gnisUfVSLr7qZALJkwR.6Kb/2g4G.
7 · hash_equals
<?php
// pass the return of crypt() as the salt for comparing a password
// to avoid problems when different hashing algorithms are used
$string = 'mypassword';
$salt = 'sa';
$return = crypt($string, $salt);
if (hash_equals($return, crypt($string, $return))) {
    echo "password verified";
}
?>
password verified