Matías Cánepa

Reputation: 5974

Different passwords, same hash check using crypt in php

If I use crypt() to hash a password:

$password = "my_password_12345";
// 64 random bytes, base64-encoded, used as the salt argument to crypt()
$salt = base64_encode(openssl_random_pseudo_bytes(64, $cstrong));
// crypt() picks the hashing scheme from the salt's format
$crypt = crypt($password, $salt);

I get something like this:

echo $crypt; //AG6hHvhjwnqpc

So, when I check the hash I do this and it all works fine:

echo crypt($password, $crypt); //AG6hHvhjwnqpc

But why does the following happen? I do the same check as above, but with a password similar to the previous one, and I get the same hash.

$password = "my_password_12345_not!";
echo crypt($password, $crypt); //AG6hHvhjwnqpc

I would expect a different hash, but instead I'm getting the same one.

Upvotes: 1

Views: 197

Answers (1)

CmPi

Reputation: 137

In PHP, the crypt function uses only the first 8 characters:

Extract from the documentation:

The standard DES-based crypt() returns the salt as the first two characters of the output. It also only uses the first eight characters of str, so longer strings that start with the same eight characters will generate the same result (when the same salt is used).

Upvotes: 3
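The truncation the answer quotes, reproduced as an added example (not code from the question or the answer): with a two-character salt crypt() selects the classic DES scheme and two passwords that share their first eight characters collide, while bcrypt, either through password_hash() or through crypt() with a $2y$ salt, keeps them apart. The passwords and salts below are constructed.

```php
<?php
// Two constructed passwords that share the same first eight characters.
$pwA = "my_password_12345";
$pwB = "my_password_12345_not!";

// A two-character salt from [./0-9A-Za-z] selects traditional DES crypt.
$desSalt = "AG";
$hashA = crypt($pwA, $desSalt);
$hashB = crypt($pwB, $desSalt);
// DES crypt keys on the first eight characters only, so both hashes match.
echo "DES hashes identical: ", var_export($hashA === $hashB, true), "\n";

// A DES hash carries its salt in the first two characters, so passing the
// stored hash back as the salt (the usual verification idiom) reproduces the
// collision the question observed: the wrong password still "verifies".
echo "DES check passes for wrong password: ",
     var_export(hash_equals($hashA, crypt($pwB, $hashA)), true), "\n";

// Mitigation: bcrypt hashes the whole password (up to 72 bytes) with a
// 22-character salt that password_hash() generates for you.
$bcryptA = password_hash($pwA, PASSWORD_BCRYPT);
echo "bcrypt verifies correct password: ",
     var_export(password_verify($pwA, $bcryptA), true), "\n";
echo "bcrypt verifies wrong password: ",
     var_export(password_verify($pwB, $bcryptA), true), "\n";

// The same point with crypt() itself: a $2y$ prefix plus cost and a
// constructed 22-character salt selects bcrypt, and the two hashes differ.
$bcSalt = '$2y$10$' . 'abcdefghijklmnopqrstuv';
echo "bcrypt hashes identical: ",
     var_export(crypt($pwA, $bcSalt) === crypt($pwB, $bcSalt), true), "\n";
```

The first two lines of output show the collision; the remaining lines show that the bcrypt hashes (and password_verify()) distinguish the two passwords.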
