Providing a salt for encryption with 'crypt()' isn't affecting the output + questions on crypt

0
votes

I have this code in a PHP page which I am running multiple times. Every time I refresh the page, the salt changes (as it should), but the hash output stays the same.

$iv = mcrypt_create_iv(22);
$ro = rand(6, 9);
$salt = '$2y$'.$ro.'$'.$iv.'$';
echo $salt;
echo '<br />';
$crypt = crypt('test', $salt);
echo $crypt;

Shouldn't the random salt affect the output and make it so that every time I refresh the page the crypt result changes too?

I also have a few general questions on crypt().

Is there any way for you to use a specific hashing algorithm with this function? I would like to use the blowfish algorithm.

Is it the salt length/format that affects which algorithm it chooses?

Lastly, should the salt length for the blowfish algorithm always be 22 characters, or is that just the maximum?

By the way, if anyone is wondering (and if it matters for answering these questions and wasn't obvious), I'm planning to use something similar to store hashed passwords.

Thank you for looking!

1
phpcrypt

1 Answers

3
votes

The crypt() function on your system does not support the "2y" algorithm. At least Linux GLIBC 2.7 based systems only know DES, $2a$ (blowfish), $5$ (SHA-256) and $6$ (SHA-512). Therefore, the crypt() function assumed DES and only took the first two characters "$2" as salt. That of course produced always the same output.

Try SHA-512 for secure password hashes:

$salt_chars = array_merge(range('A','Z'), range('a','z'), range(0,9));
$salt = '$6$';
for($i=0; $i < 8; $i++) { $salt .= $salt_chars[array_rand($salt_chars)]; }
echo "salt=$salt\n";

$crypt = crypt('test', $salt);
echo "crypt=$crypt\n";

Regarding your second question, you can chose the algorithm by starting the salt with e.g. "$2a$" (instead the $6$ above) for blowfish. Read "man 2 crypt" for details. For some algorithms you can also encode more parameters like "rounds=4000" into the salt.

According the the crypt() manpage, the salt may be up to 16 characters following the $id$. Longer salts will silently be truncated and produce the same output as for only the first 16 characters.

BTW, even in /etc/shadow, passwords only use 8 characters of salt with the SHA-512 algorithm. As the salt is only to make rainbow table attacks harder, this seems sufficient.