开发者

How do the salt argument and return value for PHP's crypt() function work?

Normally if I have a password, I would use this pseudocode:

$password = "this is the user's password";
/***/
$salt = GenerateSalt();
$hash = Hash($password);
$hash = Hash($hash . $salt);

However, as I understand it, PHP has a crypt() function which takes a salt as well as the number of iterations of a particular algorithm. Apparently you are.. supposed to pass the returned hash of开发者_如何转开发 crypt back into crypt as the salt. I do not understand this.

Can anyone please clarify how crypt works? Do I still need to append my own salt and rehash? In that case, would I just use a fixed salt for crypt, and then generate a separate crypt for each user? Or does crypt's $salt parameter take care of that for me?


The output of crypt consists of:

  • (optionally an algorithm identifier + load factor)
  • the salt for the used algorithm
  • the real hash

When you pass this output als "salt" back to crypt, it will extract the right algorithm and salt, and use these for the operation. If there is only an algorithm mentioned, it uses this one and generate random salt. Otherwise it will choose a default algorithm and generate random salt. The hash part in the passed salt parameter is ignored.

So you can simply compare your stored_hash with crypt(password, stored_hash) - if it is equal, it quite likely was the right password.

Here is an pseudocode explanation (in PHP-like syntax) how crypt works:

function crypt($password, $salt)
{
  if (substr($salt,0 1) == "_") {
     $count = substr($salt, 1, 4);
     $real_salt = substr($salt, 5, 4);
     return "_" . $count . $real_salt . crypt_ext_des($password, $count, $salt);
  }
  if(substr($salt, 0, 3) == "$1$") {
     list($ignored, $real_salt, $ignored) = explode("$", $salt);
     return "$1$" . $real_salt . "$" . crypt_md5($password, $real_salt);
  }
  if(substr($salt, 0, 4) == "$2a$") {
      $cost = substr($salt, 4, 2);
      $real_salt = substr($salt, 7, 22);
      return "$2a$" . $cost . "$" . $real_salt . crypt_brypt($password, $real_salt, $cost);
  }
  // ... SHA256 and SHA512 analogons

  // no match => STD_DES
  $real_salt = substr($salt, 0, 2);
  return $real_salt . crypt_std_des($password, $real_salt);
}

The individual crypt_xxx functions then do the real work, depending on the algorithm. (Actually, the generation of random salt is missing in this description. It will be done if the $real_salt is empty.)


crypt is one-way hashing, like MD5

Use it like stated in manual

<?php
$password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}
?>
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜