PHP crypt() Function

By / February 10, 2022
PHP crc32() Function
PHP echo() Function

In this article, you will learn how to generate a hash in PHP. Before moving forward, lets understand what is hash.

What is hash?

A hash function is an algorithm that takes an arbitrary amount of data input—a credential—and produces a fixed-size output of enciphered text called a hash value, or just “hash.” That enciphered text can then be stored instead of the password itself, and later used to verify the user.

The PHP crypt() function uses algorithms like DES, Blowfish, or MD5 to generate the hash. There is a salt parameter in this method. If you don’t use this parameter, the crypt() function may generate weak password/hash. To ensure strong security, you must use this parameter.

There are some constants used with the crypt() function. These constants are built-in along with the installation of PHP. They are given below.

Note: The crypt() function is a one-way algorithm as there is no decrypt function.

Constants of crypt() function in PHP

  • [CRYPT_STD_DES] – Standard DES-based hash with two character salt from the alphabet “./0-9A-Za-z”. Using invalid characters in the salt will cause this function to fail.
  • [CRYPT_EXT_DES] – Extended DES-based hash with a nine character salt consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as “./0-9A-Za-z”. Using invalid characters in the salt will cause the function to fail.
  • [CRYPT_MD5] – MD5 hashing with a 12 character salt starting with $1$
  • [CRYPT_BLOWFISH] – Blowfish hashing with a salt starting with $2a$, $2x$, or $2y$, a two digit cost parameters “$”, and 22 characters from the alphabet “./0-9A-Za-z”. Using characters outside of the alphabet will cause this function to return a zero-length string. The “$” parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-bashed hashing algorithmeter and must be in range 04-31. Values outside this range will cause the function to fail.
  • [CRYPT_SHA_256] – SHA-256 hash with a 16 character salt starting with $5$. If the salt string starts with “rounds=<N>$”, the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
  • [CRYPT_SHA_512] – SHA-512 hash with a 16 character salt starting with $6$. If the salt string starts with “rounds=<N>$”, the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

On systems where this function supports multiple algorithms, the constants above are set to “1” if supported and “0” otherwise.

What is the syntax of the CRYPT() function in php?

crypt(str,salt)
ParameterDescription
strThe string to generate the hash of – Required
saltThe salt to make the base of the hash on – Optional
PHP crypt() method

Examples of the CRYPT() function

Example 1. In this example, we tested different algorithms used with the PHP crypt() function.

<?php
// Salt of 2 chars
if (CRYPT_STD_DES == 1)
{
echo "Standard DES: ".crypt('some string','ab');
}
else
{
echo "Standard DES not supported.";
}

// Salt of 4 chars
if (CRYPT_EXT_DES == 1)
{
echo "Extended DES: ".crypt('some string','_S4..some')."\n<br>";
}
else
{
echo "Extended DES not supported.";
}

// Salt of 12 chars starting with $1
if (CRYPT_MD5 == 1)
{
echo "MD5: ".crypt('some string','$1$somethin$')."\n<br>";
}
else
{
echo "MD5 not supported.";
}

// Salt = $2a$.
if (CRYPT_BLOWFISH == 1)
{
echo "Blowfish: ".crypt('something','$2a$09$anexamplestringforsalt$')."\n<br>";
}
else
{
echo "Blowfish DES not supported.";
}

// Salt of 16 chars staring with $5$
if (CRYPT_SHA256 == 1)
{
// default number of rounds: 5000
echo "SHA-256: ".crypt('some string','$5$rounds=5000$anexamplestringforsalt$')."\n<br>"; }
else
{
echo "SHA-256 not supported.";
}

// Salt of 16 chars staring with $6$
if (CRYPT_SHA512 == 1)
{
// default number of rounds: 5000
echo "SHA-512: ".crypt('some string','$6$rounds=5000$anexamplestringforsalt$');
}
else
{
echo "SHA-512 not supported.";
}
?>
PHP crc32() Function
PHP echo() Function

Stay up-to-date about PHP!

We don’t spam!

en English
X
af Afrikaanssq Shqipam አማርኛar العربيةhy Հայերենaz Azərbaycan dilieu Euskarabe Беларуская моваbn বাংলাbg Българскиca Catalàbs Bosanskiceb Cebuanony Chichewazh-CN 简体中文zh-TW 繁體中文co Corsuhr Hrvatskics Čeština‎da Dansknl Nederlandsen Englisheo Esperantoet Eestitl Filipinofi Suomifr Françaisfy Fryskgl Galegoka ქართულიde Deutschel Ελληνικάgu ગુજરાતીht Kreyol ayisyenha Harshen Hausahaw Ōlelo Hawaiʻiiw עִבְרִיתhi हिन्दीhmn Hmonghu Magyaris Íslenskaig Igboid Bahasa Indonesiaga Gaeilgeit Italianoja 日本語jw Basa Jawakn ಕನ್ನಡkk Қазақ тіліkm ភាសាខ្មែរko 한국어ku كوردی‎ky Кыргызчаlo ພາສາລາວla Latinlv Latviešu valodalt Lietuvių kalbalb Lëtzebuergeschmk Македонски јазикmg Malagasyms Bahasa Melayuml മലയാളംmt Maltesemi Te Reo Māorimr मराठीmn Монголmy ဗမာစာne नेपालीno Norsk bokmålps پښتوfa فارسیpl Polskipt Portuguêspa ਪੰਜਾਬੀro Românăru Русскийsm Samoangd Gàidhligsr Српски језикst Sesothosn Shonasd سنڌيsi සිංහලsk Slovenčinasl Slovenščinaso Afsoomaalies Españolsu Basa Sundasw Kiswahilisv Svenskatg Тоҷикӣta தமிழ்te తెలుగుth ไทยtr Türkçeuk Українськаur اردوuz O‘zbekchavi Tiếng Việtcy Cymraegxh isiXhosayi יידישyo Yorùbázu Zulu
Scroll to Top