Glavić
Reputation: 43572
What is the maximum string input in crypt() function?
I think I have reached the limit for crypt($string) at 72 chars. Here is the code:
<?php
$p = '0123456789abcdefghij0123456789abcdefghij0123456789abcdefghij0123456789++';
var_dump($p);
$salt = '$2y$12$' . substr(str_replace('+', '.',
base64_encode(sha1(microtime(true), true))), 0, 22);
var_dump($salt);
$hash = crypt($p, $salt);
var_dump($hash);
var_dump($hash === crypt($p, $hash));
var_dump($hash === crypt($p.'a', $hash));
var_dump($hash === crypt($p.'-or-anthing else beyond this...', $hash));
Output is:
string(72) "0123456789abcdefghij0123456789abcdefghij0123456789abcdefghij0123456789++"
string(29) "$2y$12$nLe2d618C6YN0FQ0vODGvz"
string(60) "$2y$12$nLe2d618C6YN0FQ0vODGvutzCR5h0ngWmDSXtFdSt2dPAW5vgPd1e"
bool(true)
bool(true)
bool(true)
Is it normal behaviour that 72 char is the maximum input string?
Upvotes: 6
Views: 862
Answers (1)
Madara's Ghost
Reputation: 175038
Yes, after investigating a little, the bcrypt algorithm is limited to 72 characters. Anything beyond that gets truncated.
However, being a hashing algorithm designed for password hashing, I doubt you'll ever need to worry about that limitation.
Upvotes: 7
Related Questions
- PHP crypt() returning wrong answer
- The maximum number of characters of the md5 input
- What is the maximum length of a String in PHP?
- PHP crypt() returning 13, and not less than 13 characters, on failure
- Crypting with php crypt()
- PHP crypt problems
- crypt() not functioning as needed
- What range of characters can PHP's openssl_encrypt() output using AES-256-cbc?
- php crypt problem
- (PHP) How to correctly implement crypt()