Where do I look for the source of PHP's built-in crypt, as used in bcrypt password hashing?

2
votes

In this highly-praised answer to the question How do you use bcrypt for hashing passwords in PHP?, the code delegates the cryptographic calculation to the crypt function.

According to the original definition of bcrypt password hashing, three 64-bit blocks derived from the constant "OrpheanBeholderScryDoubt" should be Blowfish-encrypted 64 times. I would like to check that portion of the source code, in PHP sources if that's in there, or wherever PHP delegates; that's in order to improve this answer I made, and wikipedia's bcrypt entry as I read it now.

Where should I look for the source code of PHP's built-in crypt, and specifically the part used in bcrypt password hashing?

1
phpcryptography
have a look at PHPass implementation and here's a simpler implementation and here's the crypt.c from PHP-SRCAdi
@AdnanShammout: thanks, but my question is not about bcrypt in PHP; it is about the source of PHP's built-in crypt, as often used in bcrypt in PHP. I'll clarify the title of my question.fgrieu
I have updated my comment, is that what you're looking for?Adi
@AdnanShammout: thanks, your later link looks very useful. Now I need to follow that and find where php_crypt_blowfish_rn lives.fgrieu

1 Answers

1
votes

I believe that the following links would be helpful

  • crypt.c from PHP-SRC
  • php_crypt_blowfish_rn in crypt_blowfish.c from PHP-SRC