0

I'm using the crypt() function but I don't know if my implementation is correct. What kind of algorithm am I using if I write something like this:

crypt('PE','12345') 

I read the documentation and I don't know which algorithm is chosen with a five char salt like 12345.

nanobash
Pete
  • See [here](http://stackoverflow.com/questions/4447913/php-crypt-function-on-different-os/4447952#4447952) – mishmash Jan 09 '13 at 11:28
  • if this is for passwords, save yourself a lot of hassle and download this lib: https://github.com/ircmaxell/password_compat – SDC Jan 09 '13 at 11:36
  • @SDC this is not the purpose. I just want to know which algorithm PHP is using with my salt :) – Pete Jan 09 '13 at 11:41

4 Answers

1

It depends on the underlying system. I suggest you use hash() instead. For example:

$algos = hash_algos();
if (in_array("sha256", $algos)) {
    $str = hash ("sha256", "something" . "salt");
}

This way you can consistently use one hashing algorithm.

mishmash
1

Depends on the system as the documentation says.

To determine what your system supports, you can check the values of constants defined by PHP. The constant CRYPT_SALT_LENGTH will display the expected length of the salt string. DES accepts a two-character salt. MD5 accepts 12 characters. You can also check to see whether any of the following flags are set: CRYPT_STD_DES, CRYPT_EXT_DES, CRYPT_MD5, CRYPT_BLOWFISH. To do this, issue a command such as: echo CRYPT_MD5

A numeral 1 indicates it is supported; a 0 indicates that it is not.

Consider reading details here http://www.techrepublic.com/article/the-perils-of-using-php-crypt/1058691

Rajat Garg
0

crypt() will return a hashed string using the standard Unix DES-based algorithm or alternative algorithms that may be available on the system.

From PHP Doc

stearm
  • Yes, but apparently it depends on the salt you're giving in parameters. And my salt 12345 is not a documented salt. – Pete Jan 09 '13 at 11:33
0

crypt() will return a hashed string using the standard Unix DES-based algorithm if it's available on the system, and if not then it will return the MD5-based algorithm. And you can set what type of algorithm you want to use from the following list:

  1. CRYPT_STD_DES.
  2. CRYPT_EXT_DES.
  3. CRYPT_MD5.
  4. CRYPT_BLOWFISH.
  5. CRYPT_SHA256.
  6. CRYPT_SHA512.

and this list can be used like this:

//setting the value to 1 means enable this algorithm 
//which will return true or false.
if (CRYPT_STD_DES == 1) {
    echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}

if (CRYPT_EXT_DES == 1) {
    echo 'Extended DES: ' . crypt('rasmuslerdorf', '_J9..rasm') . "\n";
}

if (CRYPT_MD5 == 1) {
    echo 'MD5:          ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}

if (CRYPT_BLOWFISH == 1) {
    echo 'Blowfish:     ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA256 == 1) { 
    echo 'SHA-256:      ' . crypt('rasmuslerdorf', '$5$rounds=5000$usesomesillystringforsalt$') . "\n";
}

if (CRYPT_SHA512 == 1) {
    echo 'SHA-512:      ' . crypt('rasmuslerdorf', '$6$rounds=5000$usesomesillystringforsalt$') . "\n";
}

Which means that you have to choose what type of algorithm you want to use before using it, if you don't want to use the system default.

mamdouh alramadan
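How crypt() maps a salt string to an algorithm, as an added example that is not code from any of the answers above. The helper name crypt_scheme_for_salt() is hypothetical; the prefix rules follow the salt formats shown in the last answer, and the sample salts are constructed from that answer plus the question's '12345'.

```php
<?php
// Added example: crypt_scheme_for_salt() is a hypothetical helper, not part of PHP.
// It classifies a crypt() salt by its prefix, checking the most specific formats first.
function crypt_scheme_for_salt(string $salt): string
{
    $rules = [
        '/^\$2[axy]\$\d{2}\$[.\/0-9A-Za-z]{22}/' => 'CRYPT_BLOWFISH',
        '/^\$6\$/'                               => 'CRYPT_SHA512',
        '/^\$5\$/'                               => 'CRYPT_SHA256',
        '/^\$1\$/'                               => 'CRYPT_MD5',
        '/^_[.\/0-9A-Za-z]{8}/'                  => 'CRYPT_EXT_DES',
        '/^[.\/0-9A-Za-z]{2}/'                   => 'CRYPT_STD_DES',
    ];
    foreach ($rules as $pattern => $scheme) {
        if (preg_match($pattern, $salt) === 1) {
            return $scheme;
        }
    }
    return 'invalid';
}

// Constructed sample salts; '12345' is the one from the question.
$samples = [
    '12345',
    'rl',
    '_J9..rasm',
    '$1$rasmusle$',
    '$2a$07$usesomesillystringforsalt$',
    '$5$rounds=5000$usesomesillystringforsalt$',
    '$6$rounds=5000$usesomesillystringforsalt$',
];

foreach ($samples as $salt) {
    $scheme = crypt_scheme_for_salt($salt);
    // The CRYPT_* constants are 1 when this PHP build supports the scheme.
    $usable = $scheme !== 'invalid' && constant($scheme) === 1;
    printf("%-45s %-15s %s\n", $salt, $scheme, $usable ? 'available' : 'not available');
}

// A salt with no "$" or "_" prefix selects standard DES, which reads only the
// first two salt characters: the trailing "345" in the question's salt is ignored.
var_dump(hash_equals(crypt('PE', '12'), crypt('PE', '12345')));
```

Standard DES also uses only the first eight characters of the password, which is one reason the password_compat library mentioned in the comments (password_hash() in PHP 5.5 and later) is preferred for storing passwords.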