PHP String crypt() Function
The PHP String crypt() function is used to return a hashed string using the DES, Blowfish, or MD5 algorithms.
The behavior of this function varies depending on the operating system. PHP decides which algorithms are accessible and which to use when it is installed.
Using the salt argument is optional. But crypt() produces a weak password in the event of the salt. Make sure to specify a strong enough salt for added security.
A few constants are used in combination with the crypt() method. These constants' values are set when PHP is installed.
Note: You will find that there is no decrypt function. The cipher() function uses a one-way method.
Syntax
Below is the syntax of the PHP String crypt() function −
string crypt( string $string, string $salt )
Parameters
Below are the parameters of the crypt() function −
$string − It specifies the string to be hashed. And it is required parameter.
$salt − It is a salt string to base the hashing on. It is an optional parameter.
Return Value
The crypt() function returns the encoded string or in the event of a failure, a string that is less than 13 characters and is likely to be different from the salt.
Hash Types Supported
The below hash types are supported with the crypt() function −
CRYPT_STD_DES
This is the simplest type of hash.
It uses a standard DES hash.
Needs a 2-character salt from ./0-9A-Za-z.
Wrong characters in the salt will make it fail.
CRYPT_EXT_DES
It is an advanced version of the DES hash.
Uses an extended DES hash.
Salt is 9 characters: an underscore _, 4 characters for count, and 4 characters for salt.
Only characters ./0-9A-Za-z can be used.
CRYPT_MD5
It is a common hashing algorithm for passwords.
Uses MD5 hash.
Needs a 12-character salt starting with $1$.
CRYPT_BLOWFISH
It is strong and secure hashing method.
Uses Blowfish hash.
Salt starts with $2a$, $2x$, or $2y$, followed by a 2-digit cost (04-31), $, and 22 characters from ./0-9A-Za-z.
Use $2y$ for new hashes. $2x$ is weak.
CRYPT_SHA256
This is a modern and secure option for hashing.
Uses SHA-256 hash.
Needs a 16-character salt starting with $5$.
Can specify rounds (how many times it hashes) with rounds=<N>$. Default is 5000 (range: 1000-999,999,999).
CRYPT_SHA512
The most secure option among these hashing methods.
Uses SHA-512 hash.
Needs a 16-character salt starting with $6$.
Like SHA-256, you can set rounds with rounds=<N>$. Default is 5000.
PHP Version
First introduced in core PHP 4 the crypt() function continues to function easily in PHP 5, PHP 7, and PHP 8.
Example 1
First we will show you the basic example of the PHP String crypt() function to get the hashed string using the given password string.
<?php // Mention the password here $password = "mypassword"; // DES needs a 2-character salt $salt = "AB"; // Use crypt() function here $hashed = crypt($password, $salt); // Print the result here echo "Hashed password with DES: " . $hashed; ?>
Output
Here is the outcome of the following code −
Hashed password with DES: AB06lnfYxWIKg
Example 2
In the below PHP code we will try to use the crypt() function and uses MD5 for hashing by specifying a salt in the $1$ format.
<?php // Mention password here $password = "mypassword"; // MD5 format salt $salt = "$1$somesalt$"; // Use crypt() function here $hashed = crypt($password, $salt); // Print the result here echo "Hashed password with MD5: " . $hashed; ?>
Output
This will generate the below output −
Hashed password with MD5: $1$$xyAQ/aL.VY49zzXfVYUfK0
Example 3
This application shows how to use the Blowfish method in crypt() function by providing a salt in the $2y$ format.
<?php $password = "hereis@mypassword"; // Blowfish salt $salt = "$2y$10$1234567890123456789012"; // Use crypt() function here $hashed = crypt($password, $salt); echo "Hashed password with Blowfish: " . $hashed; ?>
Output
This will create the below output −
Hashed password with Blowfish: $2y$10$123456789012345678901u7ry8LdBesyj7pMj5.tcAJtl9If5qI4a