Can mcrypt perform the same algorithms supported by crypt()?

1
votes

I have an app that runs on PHP 5.3 which stores passwords hashed using PHP's crypt() function. However the hashing type (SHA 512) used is not available by default on one of the servers I'm now using which runs PHP 5.2. I've seen that with mcrypt you get a lot more flexibility but it's also more complicated to use.

Is it possible to use PHP's mcrypt functions to get the same results as with crypt (using a SHA512 salt)?

So if I input "test" with an SHA512 salt the encrypted data should be the same when using crypt() as well as when using mcrypt().

If it's not possible, can anyone give me advice on what else to do? Unfortunately upgrading to PHP 5.3 is not an option (it's a cloud server and I don't have the time to write the scripts for that).

2
phphashmcryptcryptsha512

2 Answers

2
votes

Can anyone tell me if it's possible to use php5's mcrypt function to get the same results as with crypt

No. Mcrypt provides functions for encryption and decryption. crypt, despite its deceptive name, provides functions for hashing. These are not the same task. Mcrypt does not provide any hashing functions, and the algorithm you want to use (SHA-512) is a hashing algorithm.

You cannot hash passwords with Mcrypt. That isn't its job. Its role and crypt's are different and do not overlap.

0
votes

Unfortunately MCrypt doesn't have the SHA512 cipher - you can take a look at the list of ciphers here:

http://www.php.net/manual/en/mcrypt.ciphers.php