PHP crypt() Function
PHP String Reference
Definition and Usage
The crypt() function returns a string encrypted using DES, Blowfish,
or MD5 algorithms.
This function behaves differently on different operating systems; some operating
systems support more than one type of encryption. PHP checks what algorithms
are available and what algorithms to use when it is installed.
The exact algorithm depends on the format and length of the salt parameter.
Salts help make the encryption more secure by increasing the number
of encrypted strings that can be generated for one specific string with one
specific encryption method.
There are some constants that are used together with the crypt() function.
The values of these constants are set by PHP when it is installed.
Constants:
- [CRYPT_SALT_LENGTH] - The length of the default encryption. With
standard DES encryption, the length is 2
- [CRYPT_STD_DES] - The Standard DES-based encryption has a 2 character salt
from the alphabet "./0-9A-Za-z". Using invalid characters in the salt will
cause the function to fail.
- [CRYPT_EXT_DES] - The Extended DES encryption has a 9 character salt
consisting of an underscore followed by 4 bytes of iteration count and 4
bytes of salt. These are encoded as printable characters, 6 bits per
character, least significant character first. The values 0 to 63 are encoded
as "./0-9A-Za-z". Using invalid characters in the salt will cause the
function to fail.
- [CRYPT_MD5] - The MD5 encryption has a 12 character salt starting with $1$
- [CRYPT_BLOWFISH] - The Blowfish encryption has a salt starting with
$2a$, $2x$, or $2y$, a two digit cost parameter, "$", and 22 characters
from the alphabet "./0-9A-Za-z". Using characters outside of the alphabet
will cause this function to return a zero-length string. The two digit cost
parameter is the base-2 logarithm of the iteration count for the underlying
Blowfish-based hashing algorithm and must be in range 04-31. Values
outside this range will cause the function to fail.
- [CRYPT_SHA256] - The SHA-256 encryption has a 16 character salt starting with
$5$. If the salt string starts with "rounds=<N>$",
the numeric value of N is used to indicate how many times the hashing loop
should be executed, much like the cost parameter on Blowfish. The default
number of rounds is 5000; there is a minimum of 1000 and a maximum of
999,999,999. Any selection of N outside this range will be truncated to the
nearest limit.
- [CRYPT_SHA512] - The SHA-512 encryption has a 16 character salt starting with $6$.
If the salt string starts with "rounds=<N>$", the
numeric value of N is used to indicate how many times the hashing loop
should be executed, much like the cost parameter on Blowfish. The default
number of rounds is 5000; there is a minimum of 1000 and a maximum of
999,999,999. Any selection of N outside this range will be truncated to the
nearest limit.
On systems where this function supports multiple algorithms, the constants
above are set to "1" if supported and "0" otherwise.
Note: There is no decrypt function. The crypt() function uses a one-way algorithm.
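The salt formats listed above are also what a stored hash begins with, so they can be used to audit which scheme produced each hash. The following is an added example, not code from the original page; the function name crypt_scheme() and the policy of flagging DES and MD5 hashes for re-hashing are assumptions of the example.

```php
<?php
// Added example, not part of the original page.
// Identify the crypt() scheme of a stored hash from the salt formats above.
function crypt_scheme(string $hash): array
{
    $a = '[.\/0-9A-Za-z]'; // the "./0-9A-Za-z" alphabet
    $patterns = [
        'sha512'   => '/^\$6\$(?:rounds=(\d+)\$)?' . $a . '{1,16}\$/',
        'sha256'   => '/^\$5\$(?:rounds=(\d+)\$)?' . $a . '{1,16}\$/',
        'blowfish' => '/^\$2[axy]\$(\d{2})\$' . $a . '{53}$/',
        'md5'      => '/^\$1\$' . $a . '{1,8}\$/',
        'ext_des'  => '/^_' . $a . '{19}$/',
        'std_des'  => '/^' . $a . '{13}$/',
    ];
    // Example policy (an assumption): DES and MD5 hashes are flagged for re-hashing.
    $legacy = ['md5', 'ext_des', 'std_des'];

    foreach ($patterns as $scheme => $re) {
        if (!preg_match($re, $hash, $m)) {
            continue;
        }
        $work = null;
        if ($scheme === 'blowfish') {
            $work = 2 ** (int) $m[1]; // cost is log2 of the iteration count
        } elseif ($scheme === 'sha256' || $scheme === 'sha512') {
            // No "rounds=<N>$" prefix means the default of 5000 rounds.
            $work = isset($m[1]) && $m[1] !== '' ? (int) $m[1] : 5000;
        }
        return ['scheme' => $scheme, 'work' => $work, 'rehash' => in_array($scheme, $legacy, true)];
    }
    // The "*0" / "*1" failure strings match no format and end up here.
    return ['scheme' => 'unknown', 'work' => null, 'rehash' => true];
}

// Sample hashes taken from the example output on this page, plus a failure string.
$samples = [
    'stqAdD7zlbByI',
    '_S4..someQXidlBpTUu6',
    '$1$somethin$4NZKrUlY6r7K7.rdEOZ0w.',
    '$2a$09$anexamplestringforsaleLouKejcjRlExmf1671qw3Khl49R3dfu',
    '*0',
];
foreach ($samples as $h) {
    $r = crypt_scheme($h);
    printf("%-8s work=%-6s rehash=%s\n", $r['scheme'], $r['work'] ?? '-', $r['rehash'] ? 'yes' : 'no');
}
```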
Syntax
Parameter | Description
str | Required. Specifies the string to be encoded
salt | Optional. A string used to increase the number of characters encoded, to make the encoding more secure. If the salt argument is not provided, one will be randomly generated by PHP each time you call this function.
Technical Details
Return Value: | Returns the encoded string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure
PHP Version: | 4+
Changelog: | $2x$ and $2y$ Blowfish modes were added in PHP 5.3.7 to deal with potential high-bit attacks. The constants SHA-256 and SHA-512 were added in PHP 5.3.2. As of PHP 5.3.2, Blowfish behaviour on invalid rounds returns the "failure" string ("*0" or "*1"), instead of falling back to DES. As of PHP 5.3.0, PHP contains its own implementation for the MD5 crypt, Standard DES, Extended DES and the Blowfish algorithms and will use that if the system lacks support for one or more of the algorithms.
Example
Example 1
In this example we will test the different algorithms:
<?php
// Standard DES: 2 character salt
if (CRYPT_STD_DES == 1)
{
    echo "Standard DES: ".crypt('something','st')."\n<br>";
}
else
{
    echo "Standard DES not supported.\n<br>";
}
// Extended DES: 9 character salt (underscore, 4 characters of
// iteration count, 4 characters of salt)
if (CRYPT_EXT_DES == 1)
{
    echo "Extended DES: ".crypt('something','_S4..some')."\n<br>";
}
else
{
    echo "Extended DES not supported.\n<br>";
}
// MD5: 12 character salt starting with $1$
if (CRYPT_MD5 == 1)
{
    echo "MD5: ".crypt('something','$1$somethin$')."\n<br>";
}
else
{
    echo "MD5 not supported.\n<br>";
}
// Blowfish: salt starting with $2a$, the two digit cost parameter (09),
// then 22 characters
if (CRYPT_BLOWFISH == 1)
{
    echo "Blowfish: ".crypt('something','$2a$09$anexamplestringforsalt$')."\n<br>";
}
else
{
    echo "Blowfish not supported.\n<br>";
}
// SHA-256: 16 character salt starting with $5$. The default number of
// rounds is 5000. Salt characters beyond the 16th are ignored.
if (CRYPT_SHA256 == 1)
{
    echo "SHA-256: ".crypt('something','$5$rounds=5000$anexamplestringforsalt$')."\n<br>";
}
else
{
    echo "SHA-256 not supported.\n<br>";
}
// SHA-512: 16 character salt starting with $6$. The default number of
// rounds is 5000. Salt characters beyond the 16th are ignored.
if (CRYPT_SHA512 == 1)
{
    echo "SHA-512: ".crypt('something','$6$rounds=5000$anexamplestringforsalt$');
}
else
{
    echo "SHA-512 not supported.";
}
?>
The output of the code above could be (depending on the operating system):
Standard DES: stqAdD7zlbByI
Extended DES: _S4..someQXidlBpTUu6
MD5: $1$somethin$4NZKrUlY6r7K7.rdEOZ0w.
Blowfish: $2a$09$anexamplestringforsaleLouKejcjRlExmf1671qw3Khl49R3dfu
SHA-256: $5$rounds=5000$anexamplestringf$KIrctqsxo2wrPg5Ag/hs4jTi4PmoNKQUGWFXlVy9vu9
SHA-512: $6$rounds=5000$anexamplestringf$Oo0skOAdUFXkQxJpwzO05wgRHG0dhuaPBaOU/oNbGpCEKlf/7oVM5wn6AN0w2vwUgA0O24oLzGQpp1XKI6LLQ0.
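The example above uses fixed salts and never checks the return value. The following added example (not from the original page) generates a random Blowfish salt in the documented format, rejects the failure string described under Return Value, and verifies a password by passing the stored hash back to crypt() as the salt. The helper names bcrypt_salt(), hash_password() and verify_password() are hypothetical, and the code assumes PHP 7 or later for random_bytes().

```php
<?php
// Added example, not part of the original page.
// Build a Blowfish salt: "$2y$", two digit cost, "$", 22 characters.
function bcrypt_salt(int $cost = 10): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('cost must be in range 04-31');
    }
    // 16 random bytes give 22 base64 characters; map "+" into "./0-9A-Za-z".
    $raw = substr(base64_encode(random_bytes(16)), 0, 22);
    return sprintf('$2y$%02d$', $cost) . strtr($raw, '+', '.');
}

function hash_password(string $password, int $cost = 10): string
{
    $hash = crypt($password, bcrypt_salt($cost));
    // On failure crypt() returns a string shorter than 13 characters ("*0" or "*1").
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed; refusing to store the result');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // A failure string must never be treated as a valid stored hash.
    if (strlen($stored) < 13) {
        return false;
    }
    // The stored hash starts with its own salt, so it is passed as the salt.
    $candidate = crypt($password, $stored);
    // hash_equals() compares in constant time.
    return strlen($candidate) >= 13 && hash_equals($stored, $candidate);
}

// Constructed demonstration values.
$stored = hash_password('something', 9);
var_dump(verify_password('something', $stored));
var_dump(verify_password('Something', $stored));
var_dump(verify_password('something', '*0'));
```

In PHP 5.5 and later, the built-in password_hash() and password_verify() functions perform the same steps.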