What is the maximum string input in crypt() function?

Question

I think I have reached the limit for crypt($string) at 72 chars. Here is the code:

<?php   
$p = '0123456789abcdefghij0123456789abcdefghij0123456789abcdefghij0123456789++';
var_dump($p);

$salt = '$2y$12$' . substr(str_replace('+', '.', 
            base64_encode(sha1(microtime(true), true))), 0, 22);
var_dump($salt);

$hash = crypt($p, $salt);
var_dump($hash);

var_dump($hash === crypt($p, $hash));
var_dump($hash === crypt($p.'a', $hash));
var_dump($hash === crypt($p.'-or-anthing else beyond this...', $hash));

Output is:

string(72) "0123456789abcdefghij0123456789abcdefghij0123456789abcdefghij0123456789++"
string(29) "$2y$12$nLe2d618C6YN0FQ0vODGvz"
string(60) "$2y$12$nLe2d618C6YN0FQ0vODGvutzCR5h0ngWmDSXtFdSt2dPAW5vgPd1e"
bool(true)
bool(true)
bool(true)

Is it normal behaviour that 72 char is the maximum input string?

Answer 1

Yes, after investigating a little, the bcrypt algorithm is limited to 72 characters. Anything beyond that gets truncated.

However, being a hashing algorithm designed for password hashing, I doubt you'll ever need to worry about that limitation.