SHA-256 and SHA-512 algorithms using crypt() ($5$ and $6$)

M66 2025-05-31

In PHP, the crypt() function is a powerful one-way hashing tool that supports a variety of algorithms, including password hashing based on SHA-256 and SHA-512. These two algorithms are selected by the prefixes $5$ and $6$ in the salt passed to crypt(). This article explains in detail how to use these two methods to hash passwords and provides corresponding sample code.

Introduction to crypt() function

crypt() is a function used for one-way hashing in PHP, usually for hashing passwords. When using it, you control the algorithm and the result by specifying the "salt".

 string crypt(string $string, string $salt)
  • $string : The original string that needs to be hashed.

  • $salt : Selects the hashing algorithm and its configuration; the format varies from algorithm to algorithm.

SHA-256 Encryption ($5$)

SHA-256 is a commonly used cryptographic hash function, which is enabled by the $5$ prefix in the crypt() function. You can optionally add "rounds" and custom salt values.

 $password = 'mypassword';
$salt = '$5$rounds=5000$mysaltvalue$';
$hash = crypt($password, $salt);
echo $hash;

Explanation:

  • $5$ specifies the use of SHA-256.

  • rounds=5000 sets the number of hashing rounds (optional).

  • mysaltvalue is a salt value string that can be customized.

  • The resulting hash starts with $5$ for easy identification.

The example output might be:

 $5$rounds=5000$mysaltvalue$5O2dlyLbMFx.kPQzMt4HZG4lDHzs9DGx85xuRSkjRA/

SHA-512 Encryption ($6$)

Similarly, SHA-512 can also be used via crypt(); just change the prefix to $6$.

 $password = 'mypassword';
$salt = '$6$rounds=10000$customsalt$';
$hash = crypt($password, $salt);
echo $hash;

Explanation:

  • $6$ enables SHA-512 hashing.

  • rounds=10000 indicates that 10000 hashing iterations are performed.

  • customsalt is your salt value.

The example output might be:

 $6$rounds=10000$customsalt$WXnQmvLQu.wNcB3VJmfYB/mURR3p8ddmdvYqTbWn1l6gBBR4vlmMHI8LtkYmK5I24T2MGk7pDODDZAxU2ueCd0

Generate random salt values

For safety, the salt value should be as random as possible. Here is a simple function to generate salt values:

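function generateSalt(int $length = 16): string {
    // random_bytes() needs an integer byte count; round up and trim so odd lengths work too.
    return substr(bin2hex(random_bytes(intdiv($length + 1, 2))), 0, $length);
}

$password = 'mypassword';
// A fresh random salt for every password.
$salt = '$6$rounds=10000$' . generateSalt() . '$';
$hash = crypt($password, $salt);
echo $hash;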

Application scenarios and security tips

  1. User password storage : Saving user passwords in plain text is not recommended. Using crypt() with a safe salt value and a suitable number of rounds is a safe way to store them.

  2. Compare passwords : When verifying a password, the user input should be re-hashed with the same salt value and then compared with the stored hash value.

  3. HTTPS transmission : Ensure encrypted data is transmitted through secure protocols such as https://m66.net to avoid man-in-the-middle attacks.
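The comparison step from item 2, as an added example that is not part of the original article: the stored hash is passed back to crypt() as the salt argument so the same prefix, rounds and salt are reused, and the result is compared with hash_equals(). The helper names hashPassword() and verifyPassword() and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: hash and verify with SHA-512 crypt ($6$).
// hashPassword() and verifyPassword() are hypothetical helper names.

function hashPassword(string $password, int $rounds = 10000): string
{
    // 8 random bytes -> 16 hex characters, the longest salt $5$/$6$ will use.
    $salt = bin2hex(random_bytes(8));
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));

    // On failure crypt() returns a short marker such as "*0" instead of a hash.
    if (strncmp($hash, '$6$', 3) !== 0) {
        throw new RuntimeException('SHA-512 crypt is not available');
    }
    return $hash;
}

function verifyPassword(string $input, string $storedHash): bool
{
    // Only accept the two schemes covered in this article.
    if (!preg_match('/^\$[56]\$/', $storedHash)) {
        return false;
    }

    // Passing the stored hash as the salt makes crypt() reuse the
    // prefix, rounds and salt that produced it.
    $candidate = crypt($input, $storedHash);

    // hash_equals() compares in constant time; == or === can leak
    // how many leading characters matched through timing.
    return hash_equals($storedHash, $candidate);
}

// Constructed sample values.
$stored = hashPassword('mypassword');
var_dump(verifyPassword('mypassword', $stored));
var_dump(verifyPassword('wrongpass', $stored));
```

Store the full string returned by hashPassword(); it already contains the algorithm prefix, the rounds and the salt, so no separate salt column is needed.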

Summary

After reading this article, you can use PHP's crypt() function with the $5$ and $6$ prefixes to implement secure password hashing based on SHA-256 and SHA-512. This method is suitable for multiple scenarios such as login authentication and user information protection. Combining a strong salt strategy with a high number of rounds can greatly improve the security of data.