PHP crypt() Function

The PHP crypt() function is often used for one-way string hashing (sometimes loosely called one-way encryption) using DES or MD5 algorithms. The standard DES-based crypt() returns the salt as the first two characters of the output. The following constants are used with the crypt() function:

  • CRYPT_STD_DES - Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z". Using invalid characters in the salt will cause crypt() to fail.
  • CRYPT_EXT_DES - Extended DES-based hash. The "salt" is a 9-character string consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as "./0-9A-Za-z". Using invalid characters in the salt will cause crypt() to fail.
  • CRYPT_MD5 - MD5 hashing with a twelve character salt starting with $1$
  • CRYPT_BLOWFISH - Blowfish hashing with a salt from "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in the range 04-31. Values outside this range will cause crypt() to fail.
  • CRYPT_SHA256 - SHA-256 hash with a 16 character salt prefixed with $5$. If the salt string starts with 'rounds=<N>$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000; there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
  • CRYPT_SHA512 - SHA-512 hash with a sixteen character salt prefixed with $6$. If the salt string starts with 'rounds=<N>$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000; there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

On systems where the crypt() function supports multiple hash types, the constants above are set to 0 or 1 depending on whether the corresponding type is available.

Syntax

string crypt(str,salt);

crypt() Function Parameter

Parameter :Description
str :Required parameter. The string to be hashed.
salt :Optional parameter. A salt string to base the hashing on.

crypt() Function Return Value

Return Value :Returns the hashed string or, on failure, a string that is shorter than 13 characters and is guaranteed to differ from the salt.

crypt() Function Example

<?php

// Two character salt
if (CRYPT_STD_DES == 1) {
    echo 'Standard DES:' . crypt('guaranteed', 'op') . "\n";
} else {
    echo "Standard DES: Not supported\n";
}

// Nine character salt: underscore, 4 characters of iteration count, 4 characters of salt
if (CRYPT_EXT_DES == 1) {
    echo 'Extended DES:' . crypt('guaranteed', '_IO..some') . "\n";
} else {
    echo "Extended DES: Not supported\n";
}

// 12 character salt starting with $1$
if (CRYPT_MD5 == 1) {
    echo 'MD5:' . crypt('guaranteed', '$1$somestr$') . "\n";
} else {
    echo "MD5: Not supported\n";
}

// Salt starting with $2a$, then the two digit cost parameter (07), "$" and the salt characters
if (CRYPT_BLOWFISH == 1) {
    echo 'Blowfish:' . crypt('guaranteed', '$2a$07$usesomesillystringforsalt$') . "\n";
} else {
    echo "Blowfish: Not supported\n";
}

// 16 character salt starting with $5$. The default number of rounds is 5000.
if (CRYPT_SHA256 == 1) {
    echo 'SHA-256:' . crypt('guaranteed', '$5$rounds=5000$usesomesillystringforsalt$') . "\n";
} else {
    echo "SHA-256: Not supported\n";
}

// 16 character salt starting with $6$. The default number of rounds is 5000.
if (CRYPT_SHA512 == 1) {
    echo 'SHA-512:' . crypt('guaranteed', '$6$rounds=5000$usesomesillystringforsalt$') . "\n";
} else {
    echo "SHA-512: Not supported\n";
}

?>
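
The SHA-512 scheme applied to password storage and checking, as an added example that is not part of the original page: it builds a random 16 character salt from the "./0-9A-Za-z" alphabet instead of a fixed string, treats any result shorter than 13 characters as a failure, and compares hashes with hash_equals(). The names sha512_crypt_hash, crypt_verify and CRYPT_MIN_VALID_LEN are hypothetical, and the password and rounds values are constructed.

```php
<?php
// Added example, not from the original page. All names below are hypothetical.

// Per the return-value description: a failed crypt() call yields a string
// shorter than 13 characters.
const CRYPT_MIN_VALID_LEN = 13;

function sha512_crypt_hash(string $password, int $rounds = 5000): string
{
    if (CRYPT_SHA512 != 1) {
        throw new RuntimeException('CRYPT_SHA512 is not available on this system');
    }
    // Reject out-of-range values here rather than relying on crypt() to adjust them.
    if ($rounds < 1000 || $rounds > 999999999) {
        throw new InvalidArgumentException('rounds must be between 1000 and 999999999');
    }
    // 12 random bytes encode to exactly 16 base64 characters with no padding;
    // mapping '+' to '.' keeps every character inside "./0-9A-Za-z".
    $salt = strtr(base64_encode(random_bytes(12)), '+', '.');
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
    if (strlen($hash) < CRYPT_MIN_VALID_LEN) {
        throw new RuntimeException('crypt() failed');
    }
    return $hash;
}

function crypt_verify(string $password, string $stored): bool
{
    // A stored value this short can only be a failure marker, never a hash.
    if (strlen($stored) < CRYPT_MIN_VALID_LEN) {
        return false;
    }
    // Passing the stored hash as the salt reuses its scheme, rounds and salt.
    $calc = crypt($password, $stored);
    // hash_equals() compares in constant time, unlike == or strcmp().
    return strlen($calc) >= CRYPT_MIN_VALID_LEN && hash_equals($stored, $calc);
}

// Constructed sample input.
$stored = sha512_crypt_hash('guaranteed', 10000);
echo $stored . "\n";
var_dump(crypt_verify('guaranteed', $stored)); // same password
var_dump(crypt_verify('Guaranteed', $stored)); // different password
```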