   #PHP Manual String functions crc32 echo

   PHP Manual
   Prev  Next
   ______________________________________________________________________

                                     crypt

   (PHP 3, PHP 4 )
   crypt -- One-way string encryption (hashing)

Description

   string crypt ( string str [, string salt])

   crypt() will return an encrypted string using the standard Unix
   DES-based encryption algorithm or alternative algorithms that may be
   available on the system. Arguments are a string to be encrypted and an
   optional salt string to base the encryption on. See the Unix man page
   for your crypt function for more information.

   If the salt argument is not provided, one will be randomly generated
   by PHP.

   Some operating systems support more than one type of encryption. In
   fact, sometimes the standard DES-based encryption is replaced by an
   MD5-based encryption algorithm. The encryption type is triggered by
   the salt argument. At install time, PHP determines the capabilities of
   the crypt function and will accept salts for other encryption types.
   If no salt is provided, PHP will auto-generate a standard two
   character salt by default, unless the default encryption type on the
   system is MD5, in which case a random MD5-compatible salt is
   generated. PHP sets a constant named CRYPT_SALT_LENGTH which tells you
   whether a regular two character salt applies to your system or the
   longer twelve character salt is applicable.

   If you are using the supplied salt, you should be aware that the salt
   is generated once. If you are calling this function recursively, this
   may impact both appearance and security.

   The standard DES-based encryption crypt() returns the salt as the
   first two characters of the output. It also only uses the first eight
   characters of str, so longer strings that start with the same eight
   characters will generate the same result (when the same salt is used).

   On systems where the crypt() function supports multiple encryption
   types, the following constants are set to 0 or 1 depending on whether
   the given type is available:

     * CRYPT_STD_DES - Standard DES-based encryption with a two character
       salt
     * CRYPT_EXT_DES - Extended DES-based encryption with a nine
       character salt
     * CRYPT_MD5 - MD5 encryption with a twelve character salt starting
       with $1$
     * CRYPT_BLOWFISH - Blowfish encryption with a sixteen character salt
       starting with $2$

     Note: There is no decrypt function, since crypt() uses a one-way
     algorithm.

   Example 1. crypt() examples
   <?php
   $password = crypt("My1sTpassword"); // let salt be generated
   # You should pass the entire results of crypt() as the salt for
   comparing a
   # password, to avoid problems when different hashing algorithms are
   used. (As
   # it says above, standard DES-based password hashing uses a
   2-character salt,
   # but MD5-based hashing uses 12.)
   if (crypt($user_input, $password) == $password) {
      echo "Password verified!";
   }
   ?>

   See also md5() and the Mcrypt extension.
   ______________________________________________________________________

   Prev  Home Next
   crc32  Up  echo
