Reputation: 67
I am trying to store passwords in an encrypted format but it does not seem to be working correctly. Here is the PHP code I am using.
function encryptMe($input, $salt){
    $output = crypt($input,$salt);
    return $output;
}
function getSalt(){
    //set number of repetitions
    $reps="5000";
    $salt = substr(str_replace('+', '.', base64_encode(
        pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand())
    )), 0, 16);
    $salt = "$6$"."rounds=".$reps."$".$salt;
    return $salt;
}
I have the following statement also in my code.
$input['password'] = $_POST['password'];
$salt = getSalt();
$input['password'] = encryptMe($input['password'],$salt);
I have run this multiple times with different salts but the same password and keep getting the same hash. Changing the salt does not seem to have any effect and I can't figure out what is wrong. Can someone look at this code and help me?
Also, is there any way to verify that this is using SHA512?
Upvotes: 0
Views: 414
Reputation:
That is because crypt() returns only the first few characters, so the inputs, even if they are different, may still return the same string since only the last characters changed.
An alternative way is to use hash() for SHA-256. Somebody already shared a very interesting link with you in your post.
Edit
This is how vBulletin encrypts passwords. Don't know if they're still using this method.
$password_hash = md5(md5($password_text) . $user_salt);
// $user_salt is a random three character string stored
// in the user table as 'salt'.
Upvotes: 1
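On the question's last point (how to verify that crypt() is really using SHA-512), the following is an added example, not code from either post. It checks the CRYPT_SHA512 constant and the "$6$" output format before accepting a hash. The function names are hypothetical, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example; function names are hypothetical, not from the thread.

function makeSha512Salt(int $rounds = 5000): string
{
    // 12 random bytes encode to exactly 16 base64 characters (no '=' padding).
    // crypt() salts use the alphabet ./0-9A-Za-z, so map '+' to '.'.
    $raw = strtr(base64_encode(random_bytes(12)), '+', '.');
    return sprintf('$6$rounds=%d$%s$', $rounds, $raw);
}

function isSha512CryptHash(string $hash): bool
{
    // "$6$", optional "rounds=N$", up to 16 salt characters, "$", 86-character digest.
    $re = '#^\$6\$(rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$#';
    return preg_match($re, $hash) === 1;
}

function hashPasswordSha512(string $password): string
{
    // CRYPT_SHA512 is 1 when this build of crypt() supports the "$6$" scheme.
    if (!defined('CRYPT_SHA512') || CRYPT_SHA512 !== 1) {
        throw new RuntimeException('crypt() has no SHA-512 support here');
    }
    $salt = makeSha512Salt();
    $hash = crypt($password, $salt);
    // A SHA-512 result repeats the salt prefix that was passed in. If it
    // does not, crypt() used another scheme or rejected the salt.
    if (!isSha512CryptHash($hash) || strncmp($hash, $salt, strlen($salt)) !== 0) {
        throw new RuntimeException('crypt() did not return a SHA-512 hash');
    }
    return $hash;
}

function verifyPassword(string $password, string $stored): bool
{
    // The stored hash carries its own salt; compare in constant time.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample input: same password hashed twice, then verified.
$a = hashPasswordSha512('correct horse');
$b = hashPasswordSha512('correct horse');
var_dump($a !== $b);
var_dump(verifyPassword('correct horse', $a));
var_dump(verifyPassword('wrong horse', $a));
```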