X
HOME HTML CSS JAVASCRIPT SQL PHP JQUERY ANGULAR BOOTSTRAP XML ASP.NET MORE...
REFERENCES | EXAMPLES | FORUM | ABOUT

PHP crypt() Function


PHP String Reference PHP String Reference

Definition and Usage

The crypt() function returns a string encrypted using DES, Blowfish, or MD5 algorithms.

This function behaves different on different operating systems, some operating systems supports more than one type of encryption. PHP checks what algorithms are available and what algorithms to use when it is installed.

The exact algorithm depends on the format and length of the salt parameter. Salts help make the encryption more secure by increasing the number of encrypted strings that can be generated for one specific string with one specific encryption method.

There are some constants that are used together with the crypt() function. The value of these constants are set by PHP when it is installed.

Constants:

  • [CRYPT_SALT_LENGTH] - The length of the default encryption. With standard DES encryption, the length is 2
  • [CRYPT_STD_DES] - The Standard DES-based encryption has a 2 character salt from the alphabet "./0-9A-Za-z". Using invalid characters in the salt will cause the function to fail.
  • [CRYPT_EXT_DES] - The Extended DES encryption has a 9 character salt consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as "./0-9A-Za-z". Using invalid characters in the salt will cause the function to fail.
  • [CRYPT_MD5] - The MD5 encryption has a 12 character salt starting with $1$
  • [CRYPT_BLOWFISH] - The Blowfish encryption has a salt starting with $2a$,  $2x$, or $2y$, a two digit cost parameters "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of the alphabet will cause this function to return a zero-length string. The "$" parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-bashed hashing algorithmeter and must be in range 04-31. Values outside this range will cause the function to fail.
  • [CRYPT_SHA_256] - The SHA-256 encryption has a 16 character salt starting with  $5$.  If the salt string starts with "rounds=<N>$", the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
  • [CRYPT_SHA_512] - The SHA-512 encryption has a 16 character salt starting with $6$.  If the salt string starts with "rounds=<N>$", the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

On systems where this function supports multiple algorithms, the constants above are set to "1" if supported and "0" otherwise.

Note: There is no decrypt function. The crypt() function uses a one-way algorithm.


Syntax

crypt(str,salt)

Parameter Description
str Required. Specifies the string to be encoded
salt Optional. A string used to increase the number of characters encoded, to make the encoding more secure. If the salt argument is not provided, one will be randomly generated by PHP each time you call this function.

Technical Details

Return Value: Returns the encoded string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure
PHP Version: 4+
Changelog: $2x$ and $2y$ Blowfish modes were added in PHP 5.3.7 to deal with potential high-bit attacks.

The constants SHA-256 and SHA-512 were added in PHP 5.3.2.

As of PHP 5.3.2, Blowfish behaviour on invalid rounds returns the "failure" string ("*0" or "*1"), instead of falling back to DES.

As of PHP 5.3.0, PHP contains its own implementation for the MD5 crypt, Standard DES, Extended DES and the Blowfish algorithms and will use that if the system lacks of support for one or more of the algorithms.


Example

Example 1

In this example we will test the different algorithms:

<?php
// 2 character salt
if (CRYPT_STD_DES == 1)
{
echo "Standard DES: ".crypt('something','st')."\n<br>";
}
else
{
echo "Standard DES not supported.\n<br>";
}

// 4 character salt
if (CRYPT_EXT_DES == 1)
{
echo "Extended DES: ".crypt('something','_S4..some')."\n<br>";
}
else
{
echo "Extended DES not supported.\n<br>";
}

// 12 character salt starting with $1$
if (CRYPT_MD5 == 1)
{
echo "MD5: ".crypt('something','$1$somethin$')."\n<br>";
}
else
{
echo "MD5 not supported.\n<br>";
}

// Salt starting with $2a$. The two digit cost parameter: 09. 22 characters
if (CRYPT_BLOWFISH == 1)
{
echo "Blowfish: ".crypt('something','$2a$09$anexamplestringforsalt$')."\n<br>";
}
else
{
echo "Blowfish DES not supported.\n<br>";
}

// 16 character salt starting with $5$. The default number of rounds is 5000.
if (CRYPT_SHA256 == 1)
{
echo "SHA-256: ".crypt('something','$5$rounds=5000$anexamplestringforsalt$')."\n<br>"; }
else
{
echo "SHA-256 not supported.\n<br>";
}

// 16 character salt starting with $5$. The default number of rounds is 5000.
if (CRYPT_SHA512 == 1)
{
echo "SHA-512: ".crypt('something','$6$rounds=5000$anexamplestringforsalt$');
}
else
{
echo "SHA-512 not supported.";
}
?>

The output of the code above could be (depending on the operating system):

Standard DES: stqAdD7zlbByI
Extended DES: _S4..someQXidlBpTUu6
MD5: $1$somethin$4NZKrUlY6r7K7.rdEOZ0w.
Blowfish: $2a$09$anexamplestringforsaleLouKejcjRlExmf1671qw3Khl49R3dfu
SHA-256: $5$rounds=5000$anexamplestringf$KIrctqsxo2wrPg5Ag/hs4jTi4PmoNKQUGWFXlVy9vu9
SHA-512: $6$rounds=5000$anexamplestringf$Oo0skOAdUFXkQxJpwzO05wgRHG0dhuaPBaOU/
oNbGpCEKlf/7oVM5wn6AN0w2vwUgA0O24oLzGQpp1XKI6LLQ0.



PHP String Reference PHP String Reference

Your suggestion:

Close [X]

Thank You For Helping Us!

Your message has been sent to W3Schools.

Close [X]
Search w3schools.com:

WEB HOSTING

UK Reseller Hosting

WEB BUILDING

Download XML Editor FREE Website BUILDER Free HTML5 Templates

SHARE THIS PAGE

facebook