The crypt() function returns a string hashed using the DES, Blowfish, or MD5 algorithm.
This function behaves differently on different operating systems, and some operating systems support more than one algorithm type. At installation time, PHP checks what algorithms are available and what algorithms are used.
The exact algorithm depends on the format and length of the salt argument. A salt makes the result more secure by increasing the number of different strings that can be generated from one input string with a given method.
Here are some constants used with the crypt() function. These constant values are set by PHP during installation.
Constants:
[CRYPT_SALT_LENGTH] - Default salt length. With standard DES encryption, the length is 2.
[CRYPT_STD_DES] - Standard DES-based encryption with a 2-character salt from the alphabet "./0-9A-Za-z". Using invalid characters in salt will cause the function to fail.
[CRYPT_EXT_DES] - Extended DES-based encryption with a 9-character salt consisting of an underscore, followed by a 4-byte iteration number and a 4-byte salt. These are encoded as printable characters, 6 bits per character, least significant character first. Values 0 to 63 are encoded as "./0-9A-Za-z". Using invalid characters in salt will cause the function to fail.
[CRYPT_MD5] - MD5 encryption with a 12-character salt starting with $1$.
[CRYPT_BLOWFISH] - Blowfish encryption with a salt that starts with $2a$, $2x$ or $2y$, followed by a two-digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside the alphabet will cause the function to return a zero-length string. The two-digit cost parameter is the base-2 logarithm of the number of iterations of the Blowfish hashing algorithm and must be in the range 04-31. Values outside this range will cause the function to fail.
[CRYPT_SHA256] - SHA-256 encryption with a 16-character salt, starting with $5$. If the salt string starts with "rounds=<N>$", the numeric value of N is the number of times the hash round is executed, similar to the cost parameter in Blowfish. The default number of rounds is 5000, the minimum value is 1000, and the maximum value is 999,999,999. Any value of N outside this range will be converted to the nearest boundary value.
[CRYPT_SHA512] - SHA-512 encryption with a 16-character salt, starting with $6$. If the salt string starts with "rounds=<N>$", the numeric value of N is the number of times the hash round is executed, similar to the cost parameter in Blowfish. The default number of rounds is 5000, the minimum value is 1000, and the maximum value is 999,999,999. Any value of N outside this range will be converted to the nearest boundary value.
On systems where this function supports multiple algorithms, the above constants are set to "1" if supported and "0" otherwise.
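The salt formats listed above, written out as a classifier that also applies the Blowfish cost range, the rounds clamping and the extended-DES iteration encoding. This is an added example, not code from the original page: describe_crypt_salt() is a hypothetical helper name, and the last two sample salts are constructed.

```php
<?php
// Added example: describe_crypt_salt() is a hypothetical helper, not a PHP built-in.
function describe_crypt_salt(string $salt): array
{
    $a = './0-9A-Za-z';   // salt alphabet, as a regex character-class body
    $itoa = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // Blowfish: $2a$/$2x$/$2y$, two-digit cost, "$", 22 salt characters.
    if (preg_match('~^\$2[axy]\$(\d{2})\$[' . $a . ']{22}~', $salt, $m)) {
        $cost = (int) $m[1];
        return ($cost >= 4 && $cost <= 31)
            ? ['scheme' => 'Blowfish', 'ok' => true, 'iterations' => 2 ** $cost]
            : ['scheme' => 'Blowfish', 'ok' => false, 'why' => 'cost outside 04-31'];
    }
    // SHA-256 / SHA-512: optional "rounds=<N>$" after the $5$ or $6$ prefix.
    if (preg_match('~^\$([56])\$(?:rounds=(\d+)\$)?~', $salt, $m)) {
        $n = ($m[2] ?? '') === '' ? 5000 : (int) $m[2];
        return ['scheme' => $m[1] === '5' ? 'SHA-256' : 'SHA-512', 'ok' => true,
                'rounds' => max(1000, min(999999999, $n))]; // nearest boundary
    }
    if (strncmp($salt, '$1$', 3) === 0) {
        return ['scheme' => 'MD5', 'ok' => true];
    }
    // Extended DES: "_", 4 iteration-count characters, 4 salt characters.
    if (preg_match('~^_([' . $a . ']{4})[' . $a . ']{4}~', $salt, $m)) {
        $count = 0;
        foreach (str_split($m[1]) as $i => $ch) {
            $count |= strpos($itoa, $ch) << (6 * $i); // least significant first
        }
        return ['scheme' => 'Extended DES', 'ok' => true, 'iterations' => $count];
    }
    if (preg_match('~^[' . $a . ']{2}~', $salt)) {
        return ['scheme' => 'Standard DES', 'ok' => true];
    }
    return ['scheme' => 'unknown', 'ok' => false, 'why' => 'no recognised salt format'];
}

// Salts from the page's own example, then two constructed ones that break a rule.
$samples = [
    'rl', '_J9..rasm', '$1$rasmusle$', '$2a$07$usesomesillystringforsalt$',
    '$6$rounds=5000$usesomesillystringforsalt$',
    '$2y$03$usesomesillystringforsalt$',        // constructed: cost below 04
    '$5$rounds=10$usesomesillystringforsalt$',  // constructed: N below the minimum
];
foreach ($samples as $s) {
    echo str_pad($s, 44), json_encode(describe_crypt_salt($s)), "\n";
}
```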
Note: There is no corresponding decryption function. The crypt() function uses a one-way algorithm.
crypt( str,salt )
Parameter | Description |
---|---|
str | Required. Specifies the string to be encoded. |
salt | Optional. A string used to increase the number of characters being encoded to make the encoding more secure. If no salt argument is provided, one will be randomly generated each time the function is called. |
Return value: | Returns an encrypted string, or on failure a string of less than 13 characters that is guaranteed to be different from the salt. |
---|---|
PHP version: | 4+ |
Update log: | In PHP 5.3.7, the $2x$ and $2y$ Blowfish modes were added to deal with potential high-bit attacks. In PHP 5.3.2, the new SHA-256 and SHA-512 constants were added. As of PHP 5.3.2, Blowfish returns the "failure" string ("*0" or "*1") on invalid rounds instead of falling back to DES. Since PHP 5.3.0, PHP comes with its own MD5, standard DES, extended DES and Blowfish implementations. If the system does not support one of these algorithms, PHP's own implementation is used. |
Using crypt() with htpasswd:

```php
<?php
// Set the password
$password = 'mypassword';

// Get the hash value, letting crypt() generate the salt automatically
// (the salt argument is mandatory from PHP 8.0 onwards)
$hash = crypt($password);
?>
```

In this example, we use different hash types:
```php
<?php
// Each constant is 1 when the algorithm is available on this system.
if (CRYPT_STD_DES == 1) {
    echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}

if (CRYPT_EXT_DES == 1) {
    echo 'Extended DES: ' . crypt('rasmuslerdorf', '_J9..rasm') . "\n";
}

if (CRYPT_MD5 == 1) {
    echo 'MD5: ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}

if (CRYPT_BLOWFISH == 1) {
    echo 'Blowfish: ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA256 == 1) {
    echo 'SHA-256: ' . crypt('rasmuslerdorf', '$5$rounds=5000$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA512 == 1) {
    echo 'SHA-512: ' . crypt('rasmuslerdorf', '$6$rounds=5000$usesomesillystringforsalt$') . "\n";
}
?>
```

The above code outputs the following (depending on the operating system):
```
Standard DES: rl.3StKT.4T8M
Extended DES: _J9..rasmBYk8r9AiWNc
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
Blowfish: $2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi
SHA-256: $5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6
SHA-512: $6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
```
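Because crypt() is one-way, a password is checked by hashing the candidate again with the stored hash as the salt and comparing the two strings, while treating the short failure string described under "Return value" as a non-match. The following is an added example, not code from the original page: make_hash() and check_password() are hypothetical helper names, the default cost of 10 is an assumption, and the sample passwords are constructed.

```php
<?php
// Added example: make_hash() and check_password() are hypothetical helpers.
function make_hash(string $password, int $cost = 10): string
{
    // 22 salt characters from "./0-9A-Za-z": base64 of 16 random bytes,
    // with '+' mapped to '.' and the "==" padding cut off.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$' . sprintf('%02d', $cost) . '$' . $salt);

    // On failure crypt() returns a string shorter than 13 characters ("*0" or "*1").
    if (strlen($hash) < 13) {
        throw new RuntimeException('crypt() failed: check the salt and the cost');
    }
    return $hash;
}

function check_password(string $candidate, string $stored): bool
{
    if (strlen($stored) < 13) {
        return false;   // a stored failure string must never match anything
    }
    // The stored hash begins with the scheme, cost and salt, so passing it as
    // the salt argument repeats the original computation on the candidate.
    $recomputed = crypt($candidate, $stored);

    // hash_equals() compares in constant time.
    return strlen($recomputed) >= 13 && hash_equals($stored, $recomputed);
}

$stored = make_hash('correct horse');                  // constructed sample password
var_dump(check_password('correct horse', $stored));    // same password
var_dump(check_password('wrong guess', $stored));      // different password
var_dump(check_password('anything', '*0'));            // stored failure string
```

PHP 5.5 and later ship password_hash() and password_verify(), which wrap this same generate-and-recompute pattern.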