What is PHP crypt() Function?
If you want to create a one-way hash of a string, use PHP crypt() Function. To create hash, this function uses algorithms like DES, MD5, Blowfish, SHA-256, and SHA-512 depending on the system and the salt format.
Hash or hashing is a mathematical process that converts a variable size data to a fixed length string.
How the Function Works?
- The function takes an input string (usually a password) and a salt.
- The prefix of the salt determines which algorithm to use (See following ones) and, then the function adds randomness to it to prevent identical inputs from producing identical hashes.
- $1$ – MD5 algorithm
- For Blowfish (bcrypt)-
- $2a$ – Blowfish (old) algorithm
- $2b$ – Blowfish (buggy) algorithm
- $2y$ – Blowfish (current) algorithm
- $5$ – SHA-256 algorithm
- $6$ – SHA-512 algorithm
- 2 characters – DES algorithm
- _ (underscore) – Extended DES algorithm
- Then, the algorithm runs the string and salt through multiple rounds of mathematical computation.
- At last, the function returns the hashed string which includes the provided salt.
Syntax:
crypt(string, salt)
Parameters:
The Function has 2 required parameters –
string (Required): It specifies the string to be hashed.
salt (Required): It specifies a string that controls how the hash is created and which algorithm is used. Let’s check the supported algorithms-
- DES (Data Encryption Standard) – It uses 2-character salt from the set [a-zA-Z0-9./] – ex. “ab”, “z/” etc. It uses the first 8 characters of password. The output becomes 13 characters long of which first 2 characters are salt and the next 11 is hash. Check example 1.
- Extended DES (Data Encryption Standard) – It uses 9-character salt from the set [a-zA-Z0-9./] starting with underscore (_). The output becomes 20 characters long. Check example 2.
- MD5- It starts with $1$. Check example 3.
- Blowfish (bcrypt) – It starts with $2a$, $2x$, or $2y$. Check example 4.
- SHA-256 – It starts with $5$. Ex. $5$salt123$. Check example 5.
- SHA-512 – It starts with $6$. Ex. $6$salt123$. Check example 6.
Return Values:
The function returns the hashed string.
Examples:
Example 1:
<?php
$password = "12345678";
$salt = "ab";
$hash = crypt($password, $salt);
echo "A Hash created with DES algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with DES algorithms is: ab1iBa.N.U2C6
& its length is: 13
Example 2:
<?php
$password = "SamplePassword";
$salt = "_A./yth19";
$hash = crypt($password, $salt);
echo "A Hash created with Extended DES algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with Extended DES algorithms is: _SALT1234hO3GHK.kt9s
& its length is: 20
Example 3:
<?php
$password = "SamplePassword";
$salt = '$1$as98dfDh$';
$hash = crypt($password, $salt);
echo "A Hash created with MD5 algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with MD5 algorithms is: $1$salt123$HFj8CXc4SuNP05hrBtZqS1
& its length is: 33
Example 4:
<?php
$password = "mySecretPassword";
$salt = '$2y$10$abcdefghijklmnopqrstuv';
$hash = crypt($password, $salt);
echo "A Hash created with Blowfish algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with Blowfish algorithms is: $2y$10$abcdefghijklmnopqrstuuZxSsLW04Zyp8iza632PpD.ghEs3atPW
& its length is: 60
Example 5:
<?php
$password = "SamplePassword";
$salt = '$5$abcdefghijklmnop$';
$hash = crypt($password, $salt);
echo "A Hash created with SHA-256 algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with SHA-256 algorithms is: $5$abcdefghijklmnop$YPirnIxRyhzOgae8Rb2DVgcEvMGIzqYi2xYsa9kLKV1
& its length is: 63
Example 6:
<?php
$password = "SamplePassword";
$salt = '$6$shortsalt$';
$hash = crypt($password, $salt);
echo "A Hash created with SHA-512 algorithms is: " . $hash . "<br />";
echo "& its length is: " . strlen($hash);
?>
Output:
A Hash created with SHA-512 algorithms is: $6$shortsalt$3Er82wIeGqk.XT94oRUCvzfgcT3Wpf6n2I2i73gcoVc/G/9q1K636.PGF.CUfpcTjTzfYAvF3Ha71MohbPcwU.
& its length is: 99
Practical Usages of crypt() Function:
Practical usages include-
- Password generation
- Password verification. Check following example-
<?php $input = "SamplePassword"; $storedHash = '$2y$10$abcdefghijklmnopqrstuuPcerRS0z2PM4psgHix6RkQhy5dTwMz6'; if ($storedHash === crypt($input, $storedHash)) { echo "Password matched."; } else { echo "Wrong password."; } ?>Output:
Password matched.
Notes on crypt() Function:
- It is mainly used for password hashing, but in modern PHP it is not recommended for this. Instead you can use password_hash() function.
- It is a one-way hashing function meaning, after hashing you can’t turn it back to the original string.
PHP Version Support:
PHP 4, PHP 5, PHP 7, PHP 8
Summary: PHP crypt() Function
crypt() is a built-in string functions in PHP. Use this function to convert a string to its hashed value.