Reputation: 8280
Blowfish Crypt confusion
Not sure why but i think i have totally not understood how this works....
I found an example script which had this:
echo crypt('abc123', '$2a$04$saltsaltsaltsaltsaltxx');
And it claims to give the output:
$2a$04$saltsaltsaltsaltsaltxuK2.MS4sJd6ZjnuS0fp2eenjndo.g4hS
But when i did it the same code i get:
$2pGiQ0v1IyNY
As an output... doesn't really explain anything to me so far or why i get a different output to the example i saW?
I'm trying to get the sale + the hashed password and store them in the user table for each user but I'm not following how to:
a) generate a random salt per user
b) get the salt and the hash password from it to store it ?
c) how you then check it on for example a login page
Upvotes: 0
Views: 925
Answers (1)
Reputation: 43158
From PHP docs:
Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31, values outside this range will cause crypt() to fail.
You don't need to split the salt from the hashed password. You store the entire string ("$2a$04$saltsaltsaltsaltsaltxuK2.MS4sJd6ZjnuS0fp2eenjndo.g4hS"), and when you want to verify if a provided password matches your hash, you do
if (crypt($form_password, $stored_hash) == $stored_hash) {
// password is correct
}
Upvotes: 2
Related Questions
- php blowfish hashing with crypt(): the CLI result differs from webserver's one
- Blowfish encryption in php
- How exactly to implement Blowfish in php
- Blowfish and Crypt Successful Example?
- Why is crypt() generating different results?
- Using Blowfish for Encryption with PHP
- Using crypt, and verifying - not sure how it works?
- Is this PHP crypt example correct?
- PHP Blowfish encryption
- (PHP) How to use crypt() with CRYPT_BLOWFISH?