Correctly using crypt() with SHA512 in PHP

Asked 19/8, 2013 at 2:55 Answered 5/5, 2022 at 4:28

All the examples online show the use of crypt like this:

$pass = crypt('something','$6$rounds=5000$anexamplestringforsalt$');

But everyone says that you are not supposed to define the rounds or the salt.

So how should I use it?

Also I am having a problem: when I run the code above, it only runs 50 rounds instead of 5000 rounds as if the system is stopping it.

Any help will be greatly appreciated.

//- Solution -//

I have found some of these to be useful:

For generating Salt:

Here is a random way of generating salt

$randomString = random_bytes(32);

Base 64 encode to ensure that some characters will not cause problems for crypt

$salt = base64_encode($randomString);

For Hashing:

$hashed = crypt($passwordInput, '$6$'.$salt);

To Confirm:

if (crypt($passwordInput, $hashed) == $hashed) { 
  // Valid action
} else { 
  // Invalid action
}

** Special Thanks to @lathspell for help with arriving at above solution **

Hedges answered 19/8, 2013 at 2:55 Comment(5)

Out of interest: how are you determining how many rounds it actually does? – Pendragon 19/8, 2013 at 5:29

Because the output shows: $6$rounds=50$ob0t0FFYzA4Az0FlWjjOaXzflUuCfQn8qKrA75JRgoiElmy35zLVF7u4558SxPXoNWSaUmLDKxPYDtpvuWIWs1 – Hedges 19/8, 2013 at 5:33

Possibly a bug in some older versions? → 3v4l.org/BplEG Actually, according to the manual SHA-512 did not exist until 5.3.2...!? – Pendragon 19/8, 2013 at 5:40

Ok @Pendragon 's suggestion that it may be a bug is correct, I checked my CP and turned out it jumped back to PHP 5.2. I'll have to figure out why later. Also, Is there an answer for the Main question? about how it should be displayed. – Hedges 19/8, 2013 at 15:25

I removed the code to generate a password with str_shuffle because it has max 32 bits of entropy and likely less (because str_shuffle is not cryptagraphically secure) – Warden 15/10, 2020 at 14:17

The main reason to run the algorithm for a certain amount of rounds is simply to slow it down to make brute forcing attacks uninteresting. For that 5000 iterations are enough even for modern hardware. You could as well use 100000 but then your server admin would probably want to have a word with you :-) rounds=5000 is the default for SHA-512. The minimum is 1000 and the maximum very high.

Scream answered 19/8, 2013 at 22:15 Comment(5)

So how would I write the php code for the generally accepted SHA-512 Crypt Algo? – Hedges 21/8, 2013 at 21:39

for encryption: $salt = substr(str_shuffle("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"), 0, 8); $hashed = crypt($passwordInput, '$6$'.$salt); to verify: if (crypt($passwordInput, $hashed) == $hashed) { echo "valid"; } else { echo "invalid"; } – Scream 22/8, 2013 at 15:43

Ok Thank You! I will make a post with what I will use. – Hedges 22/8, 2013 at 18:13

You could throw in a str_repeat() before the str_shuffle() – Marginalia 30/8, 2013 at 19:24

To not be vulnerable to timing attacks one should use the hash_equals function instead of ==. – Lithomarge 26/11, 2018 at 14:31

Use OpenSSL for salt generation, it's even more random. And maybe 20000 rounds to future proof your code a bit.

function cryptPassword($password, $salt = "", $rounds = 20000)
{
    if ($salt == "")
    {
        // Generate random salt
        $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
    }
    // $6$ specifies SHA512
    $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));

    return $hash;
}

Chukar answered 8/6, 2017 at 7:2 Comment(0)

hash could be an option. You can use hash('sha512', $stringInput);

Larcener answered 5/5, 2022 at 4:28 Comment(1)

I suggest you think about the fact if it is useful to answer an already answered question that is 8 years old. – Speck 6/5, 2022 at 9:56

Recommended topics

Hot tags