How to find out which algorithm crypt() uses on your machine?

Question

I am not sure which algorithm crypt() uses when hashing. I looked on the PHP manual, but it just says that it uses whatever is available. But how do I know which one it uses, and if it does use one, how to tell it which one to use? I am using MAMP currently as my development environment, but I figure there must be a way to find out with a statement in PHP.

Answer 1

You specify the algorithm as part of the salt string. For example, starting with $2a$ gives you a Blowfish cypher. If the machine does not support the algorithm you are trying to use, you won't get a meaningful result. You can attempt to find out in advance which algorithms are supported by checking some of the predefined constants, such as CRYPT_BLOWFISH, although I have noticed that the constants CRYPT_SHA256 and CRYPT_SHA512 are not always defined, at least on PHP 5.2. Starting with PHP 5.3, PHP has its own implementations of the algorithms, so it does not matter what the system has available at PHP compile time like it does in PHP 5.2 and earlier. The Suhosin patch for PHP 5.2 supposedly adds at least Blowfish, but its implementation does not seem to be compatible with the one used in PHP 5.3.

The PHP docs for the crypt() function do provide some information on how to use the salt string to specify which algorithm to use:

• CRYPT_STD_DES - Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z". Using invalid characters in the salt will cause crypt() to fail.
• CRYPT_EXT_DES - Extended DES-based hash. The "salt" is a 9-character string consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt. These are encoded as printable characters, 6 bits per character, least significant character first. The values 0 to 63 are encoded as "./0-9A-Za-z". Using invalid characters in the salt will cause crypt() to fail.
• CRYPT_MD5 - MD5 hashing with a twelve character salt starting with $1$
• CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", a two digit cost parameter, "$", and 22 digits from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31, values outside this range will cause crypt() to fail.
• CRYPT_SHA256 - SHA-256 hash with a sixteen character salt prefixed with $5$. If the salt string starts with 'rounds=$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.
• CRYPT_SHA512 - SHA-512 hash with a sixteen character salt prefixed with $6$. If the salt string starts with 'rounds=$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish. The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999. Any selection of N outside this range will be truncated to the nearest limit.

So, to specify that you want the string "password" hashed using Blowfish with 2^10 iterations, you could use

crypt('password', '$2a$10$XA86t7EJ0xD9OYEUbnTulT');

where the string starting with XA86 is the salt.

Finally, if you want more examples or just want something to take care of all this password compatibility business for you, take a look at phpass. It is public domain and works nicely in my experience. It will automatically use the "best" algorithm on the system unless you specify that you want a hash that is compatible with multiple systems, in which case (I think) it uses MD5.