Salt length in CRYPT_BLOWFISH

The PHP manual states that:

CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", a two-digit cost parameter, "$", and 22 digits from the alphabet "./0-9A-Za-z".

I realized that the length of the salt is 22. I wrote the following code and noticed that the length of the salt output is 21.

    $encoded = crypt('pass', '$2a$08$QAZXSWEDCVFRTGBNHYUJMK'); // length of Q...K is 22
    echo $encoded;

Output:

    $2a$08$QAZXSWEDCVFRTGBNHYUJM./CR85.t4YytTnmLXsRJMfbYWopbT8Nu

K does not appear in the salt: QAZXSWEDCVFRTGBNHYUJM

I don't understand.

+3
1 answer

This is due to the way the salt is encoded. The actual salt is 128 bits, but the crypt-encoded salt is 22 characters · 8 bits / character · 3/4 = 132 bits. Thus, 4 bits of the encoded salt are not actually used.

It also means that there are 16 coded salts that lead to the same hash, since the first four bits of their least significant character are identical:

    $hashes = array();
    // the full bcrypt salt alphabet: ".", "/", A-Z, a-z, 0-9
    $chars = array_merge(array('.', '/'), range('A', 'Z'), range('a', 'z'), range('0', '9'));
    foreach ($chars as $char) {
        // vary only the 22nd character of the salt
        $salt = 'QAZXSWEDCVFRTGBNHYUJM' . $char;
        $hashes[$salt] = crypt('pass', '$2a$08$' . $salt);
    }
    var_dump($hashes);

Here are the encoded salts that result in the same hash:

    QAZXSWEDCVFRTGBNHYUJM.
    QAZXSWEDCVFRTGBNHYUJM/
    QAZXSWEDCVFRTGBNHYUJMA
    QAZXSWEDCVFRTGBNHYUJMB
    QAZXSWEDCVFRTGBNHYUJMC
    QAZXSWEDCVFRTGBNHYUJMD
    QAZXSWEDCVFRTGBNHYUJME
    QAZXSWEDCVFRTGBNHYUJMF
    QAZXSWEDCVFRTGBNHYUJMG
    QAZXSWEDCVFRTGBNHYUJMH
    QAZXSWEDCVFRTGBNHYUJMI
    QAZXSWEDCVFRTGBNHYUJMJ
    QAZXSWEDCVFRTGBNHYUJMK
    QAZXSWEDCVFRTGBNHYUJML
    QAZXSWEDCVFRTGBNHYUJMM
    QAZXSWEDCVFRTGBNHYUJMN

crypt probably just uses the first one that encodes the internally used 128-bit salt, which is "QAZXSWEDCVFRTGBNHYUJM.".

+4
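The encoding the answer describes, as an added example that is not part of the original thread: a re-implementation of bcrypt's radix-64 codec (standard base64 bit layout, the "./A-Za-z0-9" alphabet, no padding), used to decode the asker's 22-character salt to its 16 usable bytes, print it back the way crypt() does, and enumerate the 16 equivalent encodings. The helper names and the `split_bcrypt` field names are my own; the salt and hash values are the ones quoted above.

```python
# Added example, not code from the original post or from PHP's crypt().
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
SALT_CHARS = 22   # encoded salt length inside a "$2a$" hash string
SALT_BYTES = 16   # raw salt length bcrypt actually uses (128 bits)


def bcrypt_b64_decode(encoded: str) -> bytes:
    """bcrypt radix-64: 6 bits per character, big-endian bit order, no '='.
    Trailing bits that do not complete a byte (the low 4 bits of character 22
    in a salt) are simply dropped, which is the 132 - 128 = 4 bits the answer
    mentions."""
    bits = "".join(format(BCRYPT_ALPHABET.index(c), "06b") for c in encoded)
    nbytes = len(bits) // 8
    return int(bits[:nbytes * 8] or "0", 2).to_bytes(nbytes, "big")


def bcrypt_b64_encode(raw: bytes) -> str:
    bits = "".join(format(b, "08b") for b in raw)
    bits += "0" * (-len(bits) % 6)     # zero-fill the last 6-bit group
    return "".join(BCRYPT_ALPHABET[int(bits[i:i + 6], 2)]
                   for i in range(0, len(bits), 6))


def canonical_salt(salt: str) -> str:
    """Re-encode a 22-character salt the way crypt() prints it back."""
    if len(salt) != SALT_CHARS or any(c not in BCRYPT_ALPHABET for c in salt):
        raise ValueError("bcrypt salt must be 22 characters from ./A-Za-z0-9")
    return bcrypt_b64_encode(bcrypt_b64_decode(salt)[:SALT_BYTES])


def equivalent_salts(salt: str) -> list:
    """Every 22-character string that decodes to the same 128-bit salt."""
    prefix, raw = salt[:-1], bcrypt_b64_decode(salt)[:SALT_BYTES]
    return [prefix + c for c in BCRYPT_ALPHABET
            if bcrypt_b64_decode(prefix + c)[:SALT_BYTES] == raw]


def split_bcrypt(hash_str: str) -> dict:
    """Split "$2a$08$<22-char salt><31-char hash>" into its fields."""
    _, ident, cost, rest = hash_str.split("$", 3)
    if ident not in ("2a", "2b", "2y") or len(rest) != 53:
        raise ValueError("not a bcrypt hash string")
    return {"ident": ident, "cost": int(cost),
            "salt": rest[:SALT_CHARS], "hash": rest[SALT_CHARS:]}


if __name__ == "__main__":
    # Inputs taken from the question above.
    print(canonical_salt("QAZXSWEDCVFRTGBNHYUJMK"))            # QAZXSWEDCVFRTGBNHYUJM.
    print(len(equivalent_salts("QAZXSWEDCVFRTGBNHYUJMK")))     # 16
    print(split_bcrypt("$2a$08$QAZXSWEDCVFRTGBNHYUJM./CR85.t4YytTnmLXsRJMfbYWopbT8Nu"))
```

The last character of the salt contributes only its top 2 bits to the 16th byte, so the 16 alphabet characters whose 6-bit value starts with 00 (".", "/", "A" through "N") all decode to the same salt and are printed back as ".".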

Source: https://habr.com/ru/post/957755/

