CODEWITHSUNDEEP
phpalgorithmencryptioncrypt
Pete
Pete

Reputation: 314

PHP crypt function and algorithm

I'm using crypt() function but I don't know if my implementation is correct. What kind of algorithm I'm using if I write someting like this :

crypt('PE','12345')

I read the documentation and I don't know which algorithm is chosen with a five char salt like 12345.

Upvotes: 0

Views: 2114

Answers (4)

mamdouh alramadan
mamdouh alramadan

Reputation: 8528

crypt() will return a hashed string using the standard Unix DES-based algorithm if it's available on the system and if not then it will return MD5-based algoritm. And you can set what type of algorithm you want to use from the following list:

  1. CRYPT_STD_DES .
  2. CRYPT_EXT_DES .
  3. CRYPT_MD5.
  4. CRYPT_BLOWFISH.
  5. CRYPT_SHA256.
  6. CRYPT_SHA512.

and this list can be used like this:

//setting the value to 1 means enable this algorithm 
//which will return true or false.
if (CRYPT_STD_DES == 1) {
    echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}

if (CRYPT_EXT_DES == 1) {
    echo 'Extended DES: ' . crypt('rasmuslerdorf', '_J9..rasm') . "\n";
}

if (CRYPT_MD5 == 1) {
    echo 'MD5:          ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}

if (CRYPT_BLOWFISH == 1) {
    echo 'Blowfish:     ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA256 == 1) { 
    echo 'SHA-256:      ' . crypt('rasmuslerdorf', '$5$rounds=5000$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA512 == 1) {
    echo 'SHA-512:      ' . crypt('rasmuslerdorf', '$6$rounds=5000$usesomesillystringforsalt$') . "\n";
}

Which means that you have to choose what type of algorithm you want to use before using if you don't want to use the default by system.

Upvotes: 0

Rajat Garg
Rajat Garg

Reputation: 355

Depends on the system as the documentation says.

To determine what your system supports, you can check the values of constants defined by PHP. The constant CRYPT_SALT_LENGTH will display the expected length of the salt string. DES accepts a two-character salt. MD5 accepts 12 characters. You can also check to see whether any of the following flags are set: CRYPT_STD_DES, CRYPT_EXT_DES, CRYPT_MD5, CRYPT_BLOWFISH. To do this, issue a command such as: echo CRYPT_MD5

A numeral 1 indicates it is supported; a 0 indicates that it is not.

Consider reading details here http://www.techrepublic.com/article/the-perils-of-using-php-crypt/1058691

Upvotes: 1

mishmash
mishmash

Reputation: 4458

It depends on the underlying system. I suggest you use hash() instead. For example.

$algos = hash_algos();
if (in_array("sha256", $algos)) {
    $str = hash ("sha256", "something" . "salt");
}

This way you can consistently use one hashing algorithm.

Upvotes: 1

stearm
stearm

Reputation: 143

crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system.

From PHP Doc

Upvotes: 0

Related Questions