PHP crypt() Function

Last Updated:

PHP crypt()

The crypt() function encrypts a string using DES, Blowfish, MD5, or alternative algorithms that may be available on the system.

The salt parameter is optional. However, crypt() creates a weak hash without the salt.

Note: It is recommended to use password_hash() to generate a strong salt.

Warning: There is no decrypt function. The crypt() function uses a one-way algorithm.

Warning: This function is not (yet) binary safe!

Example

PHP Compiler
<?php $str = crypt("PHP World", 'shhh'); echo ($str); ?>

Syntax

crypt(str, salt)

Parameter Values

ValueTypeExplanation
crypt Required Specifies the string to be encrypted
salt Optional Specifies a string to base the hashing on.

Return Value

ValueExplanation
String Returns a hashed string.

Hash Types

On systems where the crypt() function supports multiple hash types, the following constants are set to 0 or 1 depending on whether the given type is available:

Hash TypesExplanation
CRYPT_STD_DES Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z".
Using invalid characters in the salt will cause crypt() to fail.
CRYPT_EXT_DES Extended DES-based hash.
The "salt" is a 9-character string consisting of an underscore followed by 4 bytes of iteration count and 4 bytes of salt.
These are encoded as printable characters, 6 bits per character, least significant character first.
The values 0 to 63 are encoded as "./0-9A-Za-z".
Using invalid characters in the salt will cause crypt() to fail.
CRYPT_MD5 MD5 hashing with a twelve character salt starting with $1$.
CRYPT_BLOWFISH Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z".
Using characters outside of this range in the salt will cause crypt() to return a zero-length string.
The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31, values outside this range will cause crypt() to fail.
CRYPT_SHA256 SHA-256 hash with a sixteen character salt prefixed with $5$.
If the salt string starts with 'rounds=<N>$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish.
The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999.
Any selection of N outside this range will be truncated to the nearest limit.
CRYPT_SHA512 SHA-512 hash with a sixteen character salt prefixed with $6$.
If the salt string starts with 'rounds=<N>$', the numeric value of N is used to indicate how many times the hashing loop should be executed, much like the cost parameter on Blowfish.
The default number of rounds is 5000, there is a minimum of 1000 and a maximum of 999,999,999.
Any selection of N outside this range will be truncated to the nearest limit.

Share this Page

Meet the Author