Blowfish salt length for the Crypt() function?
Asked Answered
S

1

10

According to the crypt() documentation, the salt needs to be 22 base 64 digits from the alphabet "./0-9A-Za-z".

This is the code example they give:

crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$');

The first confusing part is that salt has 25 characters, not 22.

Question #1: Does that mean the salt is supposed to be longer than 22 characters?

Then I tested the function myself and noticed something. If I use a 20 character salt, I get this

// using 20 char salt: 00000000001111111111
crypt('rasmuslerdorf', '$2a$07$00000000001111111111$');
// $2a$07$00000000001111111111$.6Th1f3O1SYpWaEUfdz7ieidkQOkGKh2

So, when I used a 20 character salt, the entire salt is in the output. Which is convenient, because I do not have to store the salt in a separate place then. (I want to use random salts). I would be able to read the salt back out of the generated hash.

However, if I use a 22 character salt as the documentation says, or a longer one, the salt is cut off at the end.

// using 22 char salt: 0000000000111111111122
crypt('rasmuslerdorf', '$2a$07$0000000000111111111122$');
// $2a$07$000000000011111111112uRTfyYkWmPPMWDRM/cUAlulrBkhVGlui
// 22nd character of the salt is gone

// using 25 char salt: 0000000000111111111122222
crypt('rasmuslerdorf', '$2a$07$0000000000111111111122222$');
// $2a$07$000000000011111111112uRTfyYkWmPPMWDRM/cUAlulrBkhVGlui
// Same hash was generated as before, 21 chars of the salt are in the hash

Question #2: So, what exactly is the proper length of a salt? 20? 22? Longer?

Question #3: Also, is it a good idea to read the salt out of the hash when it is time to check passwords? Instead of storing the salt in a separate field and reading it from there. (Which seems redundant since the salt seems to be included in the hash).

Shingly answered 13/1, 2011 at 17:52 Comment(0)
L
8

Blowfish salts should be 22 chars long (including the trailing $, so 21) - you can double check with var_dump(CRYPT_SALT_LENGTH), I can't verify this now but my guess is that less chars will return an error and more chars will be truncated.

Regarding your third question: yes, you should read and check the hash using the embedded salt (and cost) parameters from the hash itself.

Leaflet answered 13/1, 2011 at 18:30 Comment(3)
CRYPT_SALT_LENGTH is returning 60 on my Win7 machine, 123 on Ubuntu.Shingly
@Burak Guzel: According to the manual PHP sets a constant named CRYPT_SALT_LENGTH which indicates the longest valid salt allowed by the available hashes.Leaflet
@Burak Guzel: CRYPT_SALT_LENGTH gives back 60 until PHP 5.3.1, but 123 from 5.3.2. This is because SHA-256 (64 char long salt) and SHA-512 (123 char long salt) were introduced with PHP 5.3.2.Riff

© 2022 - 2024 — McMap. All rights reserved.