1

Given this example taken from http://php.net/manual/en/function.crypt.php

crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$')

Firstly: What is the length that the salt has to be if the hashing method is BLOWFISH?

This is the output I get for the above example:

$2a$07$usesomesillystringsaled/4C6/vYhuH1f.Z/Kwf8X.c.e0jjHay

Is it intentional that the salt, rounds, and what method of hashing I'm using are stored in the returned string? When I store passwords hashed in this behavior, do I store the entirety of the string starting with $2a ?

When checking the entered password against the one in the DB, how can I retrieve the salt from the string if there isn't anything separating it from the rest of the hash?

EDIT: Why is this method any more secure than using, say, SHA512/256? If someone were to use a dictionary attack/brute force method on a bunch of hashes with the salts, would they be able to crack the passwords any quicker?

Improve this question

2 Answers 2

Reset to default
1

Yes, the storing of the salt and other encryption parameters in the string are intentional; it saves you having to do it manually and maintains backward-compatibility when the number of rounds must be updated.

As for the number of effective characters in the salt, it is 22. Therefore, these two lines will result in the same hash:

crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$')
crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalp$')

As for checking the result from the database, simply use the string from the database itself as the parameters for crypt.

Here is a demonstration.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

1) You need a 22 character salt, though not all bits of character 22 are used. This means that you can get the same hash, with a group of different character 22.

2) Storing the salt and the rounds in the resulting hash is indeed intentional. This way you can extract this information from the existing hash, and use it to check the user input. You should store the whole hash, which is 60 characters in length.

3) You don't need to extract the parameters from the hash to test against it, that does the PHP function crypt() for you. Just pass the existing hash as new crypt parameter. I tried to explain how it could be done in the article password hashes with bcrypt. If you are looking for a wellknown library you can look at phpass.

4) It is more secure, because it needs a certain amount of CPU time. Other hashes are designed to be fast, but that makes it possible to do a brute force attack with billions of passwords per second. The needed time can be adapted later with the cost factor, for new generations of computers.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.