(PHP) How to use crypt() with CRYPT_BLOWFISH?

Firstly, I see that to use CRYPT_BLOWFISH I need to use a 16-char salt starting with $2a$. However, the php.net documentation for crypt() says that some systems do not support CRYPT_BLOWFISH. How often does this happen?

Further, from their example in the docs, I see that crypt() is used as follows:

    <?php
    $password = crypt('mypassword'); // let the salt be automatically generated

    /* You should pass the entire results of crypt() as the salt for comparing a
       password, to avoid problems when different hashing algorithms are used. (As
       it says above, standard DES-based password hashing uses a 2-character salt,
       but MD5-based hashing uses 12.) */
    if (crypt($user_input, $password) == $password) {
        echo "Password verified!";
    }
    ?>

To use CRYPT_BLOWFISH, the only thing I need to change is the first line to do it like this:

    crypt('mypassword', '$2a$07$usesomesillystringforsalt$')

and then the rest of the lines stay exactly as they are?

+4
1 answer

For PHP prior to 5.3.0, crypt() uses the lib provided by the OS. If you are using an earlier version, you will need to check the documentation of your OS to see if it is supported (check the value of the CRYPT_BLOWFISH constant) - if not, then the algorithm is implemented in the mcrypt() extension for PHP.

The example you quoted from the docs doesn't seem to make much sense:

    $stored_password = fetch_password($user);
    if (crypt($_REQUEST['password'], $stored_password) === $stored_password) {
        // note that crypt automatically extracts the salt and algorithm type
        // from $stored_password
        // ....
    }

When creating a password, you only need to specify the prefix ($2a$).

HTH

C.

+5
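
The hash-and-verify round trip discussed in the question and answer above, as an added example that is not part of the original posts. It assumes PHP 7 or later (for random_bytes() and hash_equals()) and uses the $2y$ prefix available since PHP 5.3.7 instead of the $2a$ shown on the page; the function names bcrypt_hash and bcrypt_verify are hypothetical.

```php
<?php
// Added example, not from the original question or answer.
// bcrypt_hash() and bcrypt_verify() are hypothetical helper names.

function bcrypt_hash(string $password, int $cost = 10): string
{
    // CRYPT_BLOWFISH is 1 when crypt() supports the algorithm.
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH !== 1) {
        throw new RuntimeException('crypt() has no Blowfish support on this system');
    }
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 04 and 31');
    }

    // 16 random bytes -> 22 salt characters from the bcrypt alphabet ./0-9A-Za-z.
    // base64 uses '+' where bcrypt uses '.', so only that character is swapped.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);

    // Full salt string: prefix, two-digit cost, '$', 22 salt characters.
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));

    // On failure crypt() returns a short marker such as "*0", never a 60-char hash.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() rejected the Blowfish salt');
    }
    return $hash;
}

function bcrypt_verify(string $password, string $stored): bool
{
    // Passing the stored hash as the salt lets crypt() reuse its prefix, cost and salt.
    $candidate = crypt($password, $stored);

    // hash_equals() compares in constant time; the length check rejects failure markers.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

// Constructed sample values for demonstration only.
$stored = bcrypt_hash('mypassword', 7);
var_dump(bcrypt_verify('mypassword', $stored));
var_dump(bcrypt_verify('wrongpassword', $stored));
```

On PHP 5.5 and later, password_hash() with PASSWORD_BCRYPT and password_verify() wrap these same steps.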

Source: https://habr.com/ru/post/1300853/