
Parameter parsing and usage examples of crypt() function

M66 2025-05-22

In PHP, crypt() is a commonly used function for one-way hashing of strings (often loosely called encryption), used mainly for password storage. This article explains the parameters of the crypt() function in detail and shows through examples how to hash strings safely with it.

1. Introduction to crypt() function

crypt() is a built-in PHP function based on Unix's crypt() function. Depending on the salt, it uses one of several algorithms (such as DES, MD5, Blowfish, SHA-256, SHA-512, etc.) to process the input string and returns the resulting hash string.

Function prototype:

 string crypt ( string $str [, string $salt ] )
  • $str: The string to be hashed, usually a password.

  • $salt (optional): Specifies the algorithm and the salt string. Different salts select different algorithms and produce different results.

2. Parameter analysis of crypt()

1. String parameter $str

This is a plaintext string to be encrypted, usually the user's password.

2. Salt parameter $salt

The salt parameter determines both the algorithm and the result. Different salt formats select different algorithms:

  • Default DES encryption: a salt 2 characters long, for example: "ab"
    This is the oldest method. Its security is weak and it is not recommended.

  • MD5 encryption: starts with $1$ followed by a salt of up to 8 characters, for example: "$1$m66net12$"
    This uses the MD5 algorithm.

  • Blowfish encryption: starts with $2a$, $2y$, $2b$, etc., followed by a 2-digit cost factor, a $ and a 22-character salt drawn from ./A-Za-z0-9, for example: "$2y$10$m66netsaltsaltsaltsalt"
    Blowfish is a relatively safe algorithm.

  • SHA-256 encryption: starts with $5$ followed by the salt, for example: "$5$m66net$"

  • SHA-512 encryption: starts with $6$ followed by the salt, for example: "$6$m66net$"

3. Example of salt format

 // MD5 Salt example
$salt_md5 = '$1$m66net12$';

// Blowfish salt example; 10 is the cost factor, followed by a 22-character salt
$salt_blowfish = '$2y$10$m66netsaltsaltsaltsalt';

// SHA-256 Salt example
$salt_sha256 = '$5$m66net$';

// SHA-512 Salt example
$salt_sha512 = '$6$m66net$';

3. Examples of crypt()

The following examples show how to hash strings using the crypt() function.

1. Use default DES encryption (not recommended)

 $password = "mypassword";
$salt = "m6";  // 2-character salt
$hashed = crypt($password, $salt);
echo "DES encryption result: " . $hashed;

2. Encryption with MD5

 $password = "mypassword";
$salt = '$1$m66net12$';  // salt beginning with $1$
$hashed = crypt($password, $salt);
echo "MD5 encryption result: " . $hashed;

3. Encrypt with Blowfish

 $password = "mypassword";
$salt = '$2y$10$m66netsaltsaltsaltsalt';  // Blowfish, cost 10, 22-character salt
$hashed = crypt($password, $salt);
echo "Blowfish encryption result: " . $hashed;

4. Encryption with SHA-512

 $password = "mypassword";
$salt = '$6$m66net$';
$hashed = crypt($password, $salt);
echo "SHA-512 encryption result: " . $hashed;

4. Password verification example

To verify a password, hash the entered password again with the same salt that was used for the stored hash, and then check whether the two results are identical.

 // Assume this is the password hash saved in the database
$stored_hash = '$6$m66net$........';  // hash retrieved from the database

// Password entered when the user logs in
$input_password = "mypassword";

// The stored hash begins with the algorithm identifier and the salt, so it can
// be passed to crypt() directly as the salt; this works for every algorithm,
// including Blowfish, where no '$' follows the salt
$input_hash = crypt($input_password, $stored_hash);

// Compare in constant time with hash_equals() instead of ===
if (hash_equals($stored_hash, $input_hash)) {
    echo "Password verification succeeded";
} else {
    echo "Password verification failed";
}

5. Summary

  • The crypt() function supports a variety of algorithms; which one is used is determined by the salt parameter.

  • It is recommended to use the Blowfish ( $2y$ ) or SHA-512 ( $6$ ) algorithms, which are more secure.

  • The salt must be random and unique and must be in the correct format.

  • To verify a password, hash the entered password again using the salt contained in the stored hash value, and then compare the results.
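
The examples above all use a fixed salt, while the summary requires one that is random and unique. The following added example (not code from the original article; the function names make_bcrypt_salt, hash_password and verify_password are hypothetical) generates a fresh Blowfish salt for each password, rejects the failure markers crypt() returns for a bad salt, and verifies against the stored hash in constant time:

```php
<?php
// Added example, not from the original article. All function names are hypothetical.

// Build a Blowfish salt string "$2y$<cost>$<22 chars>" from 16 random bytes.
function make_bcrypt_salt(int $cost = 10): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // base64 of 16 bytes is 24 characters ending in "=="; the first 22 carry the data.
    // The bcrypt salt alphabet is ./A-Za-z0-9, so "+" is mapped to ".".
    $salt22 = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt22);
}

// Hash a password with a fresh random salt and reject crypt() failure output.
function hash_password(string $password, int $cost = 10): string
{
    $hash = crypt($password, make_bcrypt_salt($cost));
    // On failure crypt() returns a short marker such as "*0" instead of a hash;
    // a valid bcrypt hash is always 60 characters long.
    if (strlen($hash) !== 60 || strncmp($hash, '$2y$', 4) !== 0) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

// Verify a password against a stored bcrypt hash.
function verify_password(string $password, string $stored_hash): bool
{
    if (strlen($stored_hash) !== 60) {
        return false; // not a bcrypt hash (possibly a stored failure marker)
    }
    // crypt() reads the algorithm, cost and salt from the front of the stored hash.
    $candidate = crypt($password, $stored_hash);
    // hash_equals() compares in constant time.
    return hash_equals($stored_hash, $candidate);
}

// Constructed sample input
$h1 = hash_password('mypassword');
$h2 = hash_password('mypassword');
var_dump($h1 !== $h2);                          // same password, two different salts
var_dump(verify_password('mypassword', $h1));
var_dump(verify_password('wrongpassword', $h1));
```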