Why does the PHP encryption function use the DES encryption algorithm?

Given that the rule of thumb is to store salted hashes of the password string, rather than encrypted ones, why does PHP's crypt() use DES-based algorithms? Isn't DES a cryptographic algorithm? The manual says:

... crypt() will return the hashed string using the standard Unix DES algorithm or alternative algorithms that may be available on the system ...

I understand that crypt() uses only the algorithm implemented by the system. And, of course, DES is implemented as an encryption algorithm, not a custom hash algorithm for crypt.

PS - I know that DES is a thing of the past, and no one should use it anymore.

+4
1 answer

The idea behind DES-based hashing is basically to encrypt a block of zeros with the password and the salt for a number of rounds. Any semi-decent encryption makes recovering the key tough even in the face of known plaintext, therefore hash functions can be made from encryption functions.

I think PHP is compatible with this scheme by default.

+3
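The scheme discussed above as it looks from PHP, in an added example that is not part of the original question or answer: a two-character salt makes crypt() select the traditional DES scheme, and the code recognises such hashes and replaces them with password_hash() output after a successful login. The passwords, the salt and the function names isLegacyDesHash and verifyAndUpgrade are constructed for illustration.

```php
<?php
// Added example; passwords, salt and function names are constructed.

// Traditional DES crypt() output: 2 salt characters followed by 11 hash
// characters, all drawn from the alphabet ./0-9A-Za-z (13 in total).
function isLegacyDesHash(string $hash): bool
{
    return preg_match('#^[./0-9A-Za-z]{13}$#', $hash) === 1;
}

// Verify a login against the stored hash and, on success, return a
// replacement hash when the stored one is legacy DES or otherwise outdated.
function verifyAndUpgrade(string $password, string $stored): array
{
    // crypt() re-reads scheme and salt from the stored hash itself;
    // hash_equals() compares in constant time.
    $ok = hash_equals($stored, crypt($password, $stored));

    $upgraded = null;
    if ($ok && (isLegacyDesHash($stored)
            || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upgraded = password_hash($password, PASSWORD_DEFAULT);
    }
    return [$ok, $upgraded];
}

// A two-character salt selects the traditional DES scheme (CRYPT_STD_DES).
$legacy = crypt('correcthorse', 'ab');

// That scheme builds its DES key from the first 8 password characters only,
// so a different password sharing that prefix yields the same hash.
$samePrefix = hash_equals($legacy, crypt('correcthXXXX', 'ab'));

[$ok, $upgraded] = verifyAndUpgrade('correcthorse', $legacy);

printf("legacy DES hash detected: %s\n", var_export(isLegacyDesHash($legacy), true));
printf("8-char prefix collision:  %s\n", var_export($samePrefix, true));
printf("login ok: %s, new hash scheme: %s\n",
    var_export($ok, true),
    $upgraded === null ? 'n/a' : password_get_info($upgraded)['algoName']);
```

The caller stores the returned replacement hash in place of the old one, so legacy DES entries disappear as users log in.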

Source: https://habr.com/ru/post/1530867/