1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
|
<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.11 $ -->
<!-- splitted from ./en/functions/strings.xml, last change in rev 1.2 -->
<refentry id="function.crypt">
<refnamediv>
<refname>crypt</refname>
<refpurpose>One-way string encryption (hashing)</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>string</type><methodname>crypt</methodname>
<methodparam><type>string</type><parameter>str</parameter></methodparam>
<methodparam choice="opt"><type>string</type><parameter>salt</parameter></methodparam>
</methodsynopsis>
<para>
<function>crypt</function> will return an encrypted string using the
standard Unix <abbrev>DES</abbrev>-based encryption algorithm or
alternative algorithms that may be available on the system. Arguments
are a string to be encrypted and an optional salt string to base the
encryption on. See the Unix man page for your crypt function for more
information.
</para>
<simpara>
If the salt argument is not provided, one will be randomly
generated by PHP each time you call this function.
</simpara>
<simpara>
Some operating systems support more than one type of encryption. In
fact, sometimes the standard DES-based encryption is replaced by an
MD5-based encryption algorithm. The encryption type is triggered by the
salt argument. At install time, PHP determines the capabilities of the
crypt function and will accept salts for other encryption types. If no
salt is provided, PHP will auto-generate a standard two character salt by
default, unless the default encryption type on the system is MD5, in
which case a random MD5-compatible salt is generated. PHP sets a
constant named CRYPT_SALT_LENGTH which tells you whether a regular two
character salt applies to your system or the longer twelve character salt
is applicable.
</simpara>
<simpara>
If you are using the supplied salt, you should be aware that the salt is
generated once. If you are calling this function repeatedly, this may
impact both appearance and security.
</simpara>
<simpara>
The standard DES-based encryption <function>crypt</function> returns the
salt as the first two characters of the output. It also only uses the
first eight characters of <parameter>str</parameter>, so longer strings
that start with the same eight characters will generate the same result
(when the same salt is used).
</simpara>
<simpara>
On systems where the crypt() function supports multiple
encryption types, the following constants are set to 0 or 1
depending on whether the given type is available:
</simpara>
<itemizedlist>
<listitem>
<simpara>
CRYPT_STD_DES - Standard DES-based encryption with a two character salt
</simpara>
</listitem>
<listitem>
<simpara>
CRYPT_EXT_DES - Extended DES-based encryption with a nine character salt
</simpara>
</listitem>
<listitem>
<simpara>
CRYPT_MD5 - MD5 encryption with a twelve character salt starting with
$1$
</simpara>
</listitem>
<listitem>
<simpara>
CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt
starting with $2$ or $2a$
</simpara>
</listitem>
</itemizedlist>
<note>
<simpara>
There is no decrypt function, since <function>crypt</function>
uses a one-way algorithm.
</simpara>
</note>
<example>
<title><function>crypt</function> examples</title>
<programlisting role="php">
<![CDATA[
<?php
$password = crypt('mypassword'); // let the salt be automatically generated
/* You should pass the entire results of crypt() as the salt for comparing a
password, to avoid problems when different hashing algorithms are used. (As
it says above, standard DES-based password hashing uses a 2-character salt,
but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
echo "Password verified!";
}
?>
]]>
</programlisting>
</example>
<example>
<title>Using <function>crypt</function> with htpasswd</title>
<programlisting role="php">
<![CDATA[
<?php
// Set the password
$password = 'mypassword';
// Get the hash, letting the salt be automatically generated
$hash = crypt($password);
?>
]]>
</programlisting>
</example>
<example>
<title>Using <function>crypt</function> with different encryption types</title>
<programlisting role="php">
<![CDATA[
<?php
if (CRYPT_STD_DES == 1) {
echo 'Standard DES: ' . crypt('rasmuslerdorf', 'rl') . "\n";
}
if (CRYPT_EXT_DES == 1) {
echo 'Extended DES: ' . crypt('rasmuslerdorf', '_J9..rasm') . "\n";
}
if (CRYPT_MD5 == 1) {
echo 'MD5: ' . crypt('rasmuslerdorf', '$1$rasmusle$') . "\n";
}
if (CRYPT_BLOWFISH == 1) {
echo 'Blowfish: ' . crypt('rasmuslerdorf', '$2a$07$rasmuslerd...........$') . "\n";
}
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Standard DES: rl.3StKT.4T8M
Extended DES: _J9..rasmBYk8r9AiWNc
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
Blowfish: $2a$07$rasmuslerd............nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra
]]>
</screen>
</example>
<simpara>
See also <function>md5</function> and <link linkend="ref.mcrypt">the
Mcrypt extension</link>.
</simpara>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
|
