crypt

One-way string hashing

Syntax

crypt ( string $str [, string $salt ] ) : string

Parameters

str

The string to be hashed.

Caution: Using the CRYPT_BLOWFISH algorithm will result in the str parameter being truncated to a maximum length of 72 characters.

salt

An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results.

The salt format selects the algorithm:

CRYPT_STD_DES: Standard DES-based hash. Salt format: a 2-character salt (./0-9A-Za-z). Invalid characters will cause crypt() to fail.

CRYPT_EXT_DES: Extended DES-based hash. Salt format: _ followed by a 4-character iteration count (./0-9A-Za-z) and a 4-character salt (./0-9A-Za-z). The iteration count is least significant character first. Invalid characters will cause crypt() to fail.

CRYPT_MD5: MD5 hash. Salt format: $1$ followed by an 8-character salt (./0-9A-Za-z).

CRYPT_BLOWFISH: Blowfish hash. Salt format: $2a$, $2x$ or $2y$, then a 2-digit cost parameter (04-31), then $, then a 22-character salt (./0-9A-Za-z). The cost parameter is the base-2 logarithm of the iteration count. Invalid characters will cause crypt() to fail. Versions before PHP 5.3.7 only support a. Developers targeting PHP 5.3.7 and after should use y.

CRYPT_SHA256: SHA-256 hash. Salt format: $5$rounds=N$ followed by a 16-character salt (./0-9A-Za-z). If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

CRYPT_SHA512: SHA-512 hash. Salt format: $6$rounds=N$ followed by a 16-character salt (./0-9A-Za-z). If the string uses rounds=N, the numeric value of N indicates how many times the hashing loop should be executed. The default is 5000, the minimum is 1000, and the maximum is 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
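
The salt formats above are enough to tell which algorithm and work factor a stored salt or hash encodes, which is useful when auditing a credential table. The following is an added example, not part of the original page; crypt_describe() and CRYPT_ITOA64 are hypothetical names, and the alphabet ordering is assumed to be the conventional crypt one.

```php
<?php
// Added example, not from the original page. crypt_describe() and
// CRYPT_ITOA64 are hypothetical names.

// Alphabet ./0-9A-Za-z in order; a character's value is its index (assumed
// here to be the conventional crypt ordering).
const CRYPT_ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

function crypt_describe(string $s): ?array
{
    if (preg_match('~^_([./0-9A-Za-z]{4})[./0-9A-Za-z]{4}~', $s, $m)) {
        $count = 0;
        for ($i = 0; $i < 4; $i++) {   // least significant character first
            $count |= strpos(CRYPT_ITOA64, $m[1][$i]) << (6 * $i);
        }
        return ['algorithm' => 'CRYPT_EXT_DES', 'iterations' => $count];
    }
    if (preg_match('~^\$2[axy]\$(\d{2})\$[./0-9A-Za-z]{22}~', $s, $m)) {
        $cost = (int) $m[1];
        if ($cost < 4 || $cost > 31) {
            return null;               // cost outside 04-31
        }
        // The cost is the base-2 logarithm of the iteration count.
        return ['algorithm' => 'CRYPT_BLOWFISH', 'iterations' => 1 << $cost];
    }
    if (preg_match('~^\$([56])\$(?:rounds=(\d+)\$)?~', $s, $m)) {
        // Default 5000; out-of-range values are clamped to the nearest limit.
        $rounds = isset($m[2]) ? max(1000, min(999999999, (int) $m[2])) : 5000;
        $name = $m[1] === '5' ? 'CRYPT_SHA256' : 'CRYPT_SHA512';
        return ['algorithm' => $name, 'iterations' => $rounds];
    }
    if (strncmp($s, '$1$', 3) === 0) {
        return ['algorithm' => 'CRYPT_MD5', 'iterations' => null];  // no work-factor field
    }
    if (preg_match('~^[./0-9A-Za-z]{2}~', $s)) {
        return ['algorithm' => 'CRYPT_STD_DES', 'iterations' => null];
    }
    return null;                       // not a format from the table
}

// Salts taken from the examples on this page.
foreach (['sa', '_/...salt', '$1$saltsalt', '$2y$04$saltsaltsaltsaltsaltsa',
          '$5$rounds=1000$saltsaltsaltsalt', '$6$rounds=1000$saltsaltsaltsalt'] as $salt) {
    $d = crypt_describe($salt);
    printf("%-32s %s %s\n", $salt, $d['algorithm'] ?? 'unknown', $d['iterations'] ?? '-');
}
```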

Return

Returns the hashed string. On failure, returns a string that is shorter than 13 characters and is guaranteed to differ from the salt.

Warning: When validating passwords, a string comparison function that isn't vulnerable to timing attacks should be used to compare the output of crypt() to the previously known hash. PHP 5.6 onwards provides hash_equals() for this purpose.
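
The truncation caution, the failure return value and the comparison warning above can be handled together in a pair of wrappers. The following is an added example, not part of the original page; bcrypt_hash() and bcrypt_verify() are hypothetical names and the default cost of 12 is an assumption.

```php
<?php
// Added example, not part of the original page; bcrypt_hash() and
// bcrypt_verify() are hypothetical names.

function bcrypt_hash(string $password, int $cost = 12): string
{
    // strlen() counts bytes; longer input would be silently truncated.
    if (strlen($password) > 72) {
        throw new LengthException('password longer than 72 characters');
    }
    if ($cost < 4 || $cost > 31) {
        throw new RangeException('cost must be between 04 and 31');
    }
    // 16 random bytes -> 22 characters from ./0-9A-Za-z
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
    // On failure crypt() returns a string shorter than 13 characters.
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

function bcrypt_verify(string $password, string $stored): bool
{
    // Passing the stored hash as the salt reuses its algorithm, cost and salt.
    $candidate = crypt($password, $stored);
    // Reject failure strings first, then compare in constant time.
    return strlen($candidate) >= 13 && hash_equals($stored, $candidate);
}

$stored = bcrypt_hash('mypassword', 4);
var_dump(bcrypt_verify('mypassword', $stored));
var_dump(bcrypt_verify('wrongpassword', $stored));

// Why the length check matters: two inputs that share their first 72
// characters produce the same CRYPT_BLOWFISH hash.
$salt = '$2y$04$saltsaltsaltsaltsaltsa';   // salt from example 5 on this page
$a = str_repeat('a', 72) . 'X';
$b = str_repeat('a', 72) . 'Y';
var_dump(hash_equals(crypt($a, $salt), crypt($b, $salt)));
```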

Examples

1 · str

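<?php

// No salt is passed, so the implementation picks the algorithm and salt
// (MD5 here, per the $1$ prefix in the output).
// PHP 8.0 and later require the salt argument.
$str = 'mypassword';

$return = crypt($str);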

echo $return;

?>
$1$ai4B8m6c$0/lG8UQ7LoWxUpAbzYhsR0

2 · salt · CRYPT_STD_DES

<?php

if (CRYPT_STD_DES == 1)
{
    $str = 'mypassword';
    $salt = 'sa';

    $return = crypt($str, $salt);

    echo $return;
}

?>
sayVb7E97UXnw

3 · salt · CRYPT_EXT_DES

<?php

if (CRYPT_EXT_DES == 1)
{
    $str = 'mypassword';
    $salt = '_/...salt';
    
    $return = crypt($str, $salt);

    echo $return;
}

?>
_/...salt6YwXDHP2276

4 · salt · CRYPT_MD5

<?php

if (CRYPT_MD5 == 1)
{
    $str = 'mypassword';
    $salt = '$1$saltsalt';
    
    $return = crypt($str, $salt);

    echo $return;
}

?>
$1$saltsalt$//251epTQaKpm7/bnAD.Z.

5 · salt · CRYPT_BLOWFISH

<?php

if (CRYPT_BLOWFISH == 1)
{
    $str = 'mypassword';
    $salt = '$2y$04$saltsaltsaltsaltsaltsa';
    
    $return = crypt($str, $salt);

    echo $return;
}

?>
$2y$04$saltsaltsaltsaltsaltsOMyjFe2zExA60l6hOHLHrzARx3d4ocdm

6 · salt · CRYPT_SHA256

<?php

if (CRYPT_SHA256 == 1)
{
    $str = 'mypassword';
    $salt = '$5$rounds=1000$saltsaltsaltsalt';
    
    $return = crypt($str, $salt);

    echo $return;
}

?>
$5$rounds=1000$saltsaltsaltsalt$MGplem7k.ETOIzMr9v5aFywt8yUut4NzOhIuCU5seo1

7 · salt · CRYPT_SHA512

<?php

if (CRYPT_SHA512 == 1)
{
    $str = 'mypassword';
    $salt = '$6$rounds=1000$saltsaltsaltsalt';
    
    $return = crypt($str, $salt);

    echo $return;
}

?>
$6$rounds=1000$saltsaltsaltsalt$G3Axd1JO/txNBJ00lZWo9d.TXrxn0frJLx3tcCyLDJRjf/LbwpwguUZD2gnisUfVSLr7qZALJkwR.6Kb/2g4G.

8 · hash_equals

<?php

// pass the return of crypt() as the salt for comparing a password to avoid problems when different hashing algorithms are used

$str = 'mypassword';
$return = crypt($str);

if (hash_equals($return, crypt($str, $return)))
{
    echo "password verified";
}

?>
password verified
