Func String Crypt
* * *
[ function returns a string encrypted using DES, Blowfish, or MD5 algorithms.
The behavior of this function varies across different operating systems; some operating systems support more than one algorithm type. During installation, PHP checks which algorithms are available and which one to use.
The exact algorithm depends on the format and length of the salt parameter. The salt enhances security by increasing the number of possible strings generated from a given input string combined with a specific encryption method.
Below are some constants used with the crypt() function. These constant values are set by PHP during installation.
Constants:
* - Default salt length. For standard DES encryption, the length is 2.
* - Standard DES-based encryption uses a 2-character salt drawn from the alphabet "./0-9A-Za-z". Using invalid characters in the salt causes the function to fail.
* - Extended DES-based encryption uses a 9-character salt consisting of an underscore followed by 4 bytes representing the iteration count and 4 bytes representing the salt. These are encoded as printable characters, with each character representing 6 bits, least-significant character first. Values 0β63 are encoded as "./0-9A-Za-z". Using invalid characters in the salt causes the function to fail.
* - MD5 encryption uses a 12-character salt starting with "$1$".
* - Blowfish encryption uses a salt starting with "$2a$", "$2x$", or "$2y$", followed by a two-digit cost parameter "$", and then 22 characters drawn from the alphabet "./0-9A-Za-z". Using characters outside this alphabet causes the function to return a zero-length string. The "$" parameter represents the base-2 logarithm of the number of iterations for the Blowfish hash algorithm and must be in the range 04β31. Values outside this range cause the function to fail.
* - SHA-256 encryption uses a 16-character salt starting with "$5$". If the salt string begins with "rounds=$", the numeric value of N specifies the number of hashing rounds performed, similar to the cost parameter in Blowfish. The default number of rounds is 5000, the minimum is 1000, and the maximum is 999,999,999. Any N value outside this range is adjusted to the nearest boundary value.
* - SHA-512 encryption uses a 16-character salt starting with "$6$". If the salt string begins with "rounds=$", the numeric value of N specifies the number of hashing rounds performed, similar to the cost parameter in Blowfish. The default number of rounds is 5000, the minimum is 1000, and the maximum is 999,999,999. Any N value outside this range is adjusted to the nearest boundary value.
On systems where this function supports multiple algorithms, the above constants are set to "1" if supported, otherwise to "0".
**Note:** There is no corresponding decryption function. The crypt() function uses a one-way algorithm.
* * *
## Syntax
crypt(_str,salt_)
| Parameter | Description |
| --- | --- |
| _str_ | Required. Specifies the string to be encoded. |
| _salt_ | Optional. A string used to increase the number of encoded characters to enhance security. If the salt parameter is not provided, a random salt is generated each time the function is called. |
## Technical Details
| Return Value: | Returns the encrypted string; on failure, returns a string shorter than 13 characters that is guaranteed to differ from the salt. |
| --- |
| PHP Version: | 4+ |
| Changelog: | In PHP 5.3.7, new $2x$ and $2y$ Blowfish modes were added to address potential high-bit attacks. In PHP 5.3.2, constants SHA-256 and SHA-512 were added. Starting with PHP 5.3.2, Blowfish returns a "failure" string ("*0" or "*1") for invalid rounds instead of falling back to DES. Starting with PHP 5.3.0, PHP includes its own implementations of MD5 encryption, standard DES, extended DES, and the Blowfish algorithm. If the system does not support any of these algorithms, PHPβs built-in implementations are used. |
* * *
## Examples
## Example 1
## Example 2
Using htpasswd for crypt() encryption:
## Example 1
In this example, we use different hash types:
The output of the code above (depending on the operating system) is:
Standard DES: rl.3StKT.4T8MExtended DES: _J9..rasmBYk8r9AiWNc MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0 Blowfish: $2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi SHA-256: $5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6 SHA-512: $6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
* * *
[![Image 2: PHP String Reference Manual]( PHP String Reference Manual](
YouTip