PHP crypt() Function Usage and Example

PHP String Character String Functions Manual

The crypt() function is used to return a one-way string hash

Syntax

string crypt ( string $str [, string $salt ] )

Definition and Usage

　crypt() returns a hash string based on the standard UNIX DES algorithm or other available alternative algorithms on the system.
The salt parameter is optional. However, if no salt is provided, the crypt() function will create a weak password. php 5.6and later versions will throw an E_NOTICE level error if it is not provided. For better security, make sure to specify a sufficiently strong salt.
password_hash() uses a strong hash algorithm to generate a sufficiently strong salt and will automatically perform the appropriate rounds. password_hash() is a simple wrapper for crypt() and is fully compatible with existing password hashing. It is recommended to use password_hash().
Some systems support more than one hash type. In fact, sometimes, based on MD5 algorithm is used instead of the algorithm based on standard DES. This hash type is triggered by the salt parameter. In 5.3 Before that, PHP determines the available algorithms based on the system's crypt() during installation. If no salt is provided, PHP will automatically generate one 2 characters (DES) or 12 characters (MD5salt, depending on MD5 availability of crypt(). PHP sets a constant named CRYPT_SALT_LENGTH to indicate the maximum length of the available salt for the hash.
Based on the standard DES algorithm, the crypt() function returns a two-character salt at the beginning of the output content. It also only uses the beginning 8 characters, so a longer string with the same 8 A string starting with a character will also generate the same result (when the same salt is used).
On systems where the crypt() function supports multiple hashes, the following constants are set to 0 or 1:

• CRYPT_STD_DES - Hashing based on the standard DES algorithm uses "./0-9A--Z" characters as the salt. Using illegal characters in the salt will cause crypt() to fail.

• CRYPT_EXT_DES - Extended hash based on the DES algorithm. Its salt is 9 A string of characters, composed of 1 Followed by 4 Byte iteration count and 4 Byte salt value. They are encoded as printable characters, each character 6 Bit, the priority is given to the bits with the least number of valid bits. From 0 to 63 Encoded as "./0-9A--z". Using illegal characters in the salt will cause crypt() to fail.

• CRYPT_MD5 - MD5 Hashing uses a salt starting with $1Starting with $ 12 Character string salt.

• CRYPT_BLOWFISH - The Blowfish algorithm uses the following salt: "2a$ 64 By "./0-9A--Z 2 The logarithm of the base 2, its range is 04-31, exceeding this range will cause crypt() to fail. PHP 5.3.7 Before only supported "2a$ 5.3.7 Starting with version 5.3.0, new prefixes were introduced to fix a security risk in the Blowfish implementation. You can refer to » this document for more information about this fix. In summary, if developers are only targeting PHP 5.3.72y$2a$

• CRYPT_SHA256 - SHA-256 The algorithm uses a salt starting with $5Starting with $ 16 Character string salt for hashing. If the salt string starts with 'rounds=<N>$', the numeric value of N will be used to specify the number of hash iterations, which is similar to the cost parameter of the Blowfish algorithm. The default number of iterations is 5000, the minimum is 1000, the maximum is 999,999,999. N outside this range will be rounded to the nearest value.

• CRYPT_SHA512 - SHA-512 The algorithm uses a salt starting with $6Starting with $ 16 Character string salt for hashing. If the salt string starts with 'rounds=<N>$', the numeric value of N will be used to specify the number of hash iterations, which is similar to the cost parameter of the Blowfish algorithm. The default number of iterations is 5000, the minimum is 1000, the maximum is 999,999,999. N outside this range will be rounded to the nearest value.
  

Return Value

It returns the hash string

Parameter

Online Example

Try the following example, the crypt() function gets the hash value using automatic salting:

<?php
　　　　　　//Set the password
　　　$input = 'information';　　
　　　
　　　//　Get the hash value using an automatic salt　
　　　$hash = crypt($input);
?>

PHP String Character String Functions Manual