Definition
The crypt() function returns a hashed string using DES, Blowfish, or MD5 algorithms. This function takes a string to hash and a salt. The salt parameter is optional. However, crypt() creates a weak hash without the salt, so make sure to specify a strong enough salt for better security.
On operating systems where the crypt() function supports multiple hash types, the following constants are set to 0 or 1 depending on whether the given type is available:
- CRYPT_STD_DES – Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z". Using invalid characters in the salt will cause this function to fail.
- CRYPT_EXT_DES – Extended DES-based hash with a nine character salt consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as "./0-9A-Za-z". Using invalid characters in the salt will cause this function to fail.
- CRYPT_MD5 – MD5 hashing with a twelve character salt starting with $1$.
- CRYPT_BLOWFISH – Blowfish hashing with a salt starting with $2a$, $2x$ or $2y$, a two digit cost parameter, $, and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in the range 04-31; values outside this range will cause this function to fail.
- CRYPT_SHA256 – SHA-256 hash with a sixteen character salt starting with $5$. If the salt string starts with "rounds=<N>$", the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000; there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
- CRYPT_SHA512 – SHA-512 hash with a sixteen character salt starting with $6$. If the salt string starts with "rounds=<N>$", the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000; there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
Syntax
crypt(str, salt)
Parameters
Parameter | Description |
---|---|
str | Required. Specifies the string to be hashed. |
salt | Required. A salt string to base the hashing on. |
Example
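<?php
// Hash the reference password and two candidate inputs with the same Blowfish salt (cost 07).
$expected = crypt('12345', '$2a$07$usesomesillystringforsalt$');
$correct = crypt('12345', '$2a$07$usesomesillystringforsalt$');
$incorrect = crypt('apple', '$2a$07$usesomesillystringforsalt$');
// hash_equals() compares the two hashes in constant time.
var_dump(hash_equals($expected, $correct));   // matching password
echo "<br>";
var_dump(hash_equals($expected, $incorrect)); // non-matching password
?>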
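The example above reuses one fixed salt for every hash. The following added example (not from the original page) draws a fresh random salt per password in the CRYPT_BLOWFISH and CRYPT_SHA512 formats listed above, rejects a failed crypt() call, and verifies a password against the stored hash. The function names are hypothetical, and it assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example (not from the original page); function names are hypothetical.

// Return $length random characters from the crypt salt alphabet "./0-9A-Za-z".
function random_salt_chars(int $length): string
{
    // base64 emits A-Za-z0-9+/ ; mapping '+' to '.' keeps every character in range.
    $b64 = rtrim(base64_encode(random_bytes($length)), '=');
    return substr(strtr($b64, '+', '.'), 0, $length);
}

// crypt() reports failure with a string shorter than 13 characters; never store that.
function checked_crypt(string $password, string $salt): string
{
    $hash = crypt($password, $salt);
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() rejected the salt');
    }
    return $hash;
}

// CRYPT_BLOWFISH: "$2y$", two-digit cost, "$", then 22 salt characters.
function crypt_blowfish_hash(string $password, int $cost = 10): string
{
    if (CRYPT_BLOWFISH !== 1 || $cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('Blowfish unavailable or cost outside 04-31');
    }
    return checked_crypt($password, sprintf('$2y$%02d$%s', $cost, random_salt_chars(22)));
}

// CRYPT_SHA512: "$6$", "rounds=<N>$", then sixteen salt characters.
function crypt_sha512_hash(string $password, int $rounds = 10000): string
{
    $rounds = max(1000, min(999999999, $rounds)); // the limits given for N above
    return checked_crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, random_salt_chars(16)));
}

// The stored hash carries its own prefix, cost and salt, so it is passed back as the salt.
function crypt_verify(string $password, string $stored): bool
{
    return strlen($stored) >= 13 && hash_equals($stored, crypt($password, $stored));
}

$a = crypt_blowfish_hash('12345');
$b = crypt_blowfish_hash('12345');
var_dump($a !== $b); // same password, different salts, different hashes
var_dump(crypt_verify('12345', $a), crypt_verify('apple', $a));
var_dump(crypt_verify('12345', crypt_sha512_hash('12345')));
```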