By | June 10, 2017

PHP blowfish encryption uses crypt() function.

PHP crypt() function

PHP crypt() function returns a hashed string using Blowfish.


  • str -is the string that is to be hashed.
  • salt-a string to base hashing on. Though salt is optional, crypt()creates weak passwords without salt.

PHP blowfish encryption

To start using Blowfish, we need to invoke crypt() function. Blowfish hashing begins with a salt.

The blowfish salt take the form of [algorithm][cost]$. Here algorithm can be $2a$, $2y$, $2x$. Cost is a base-two algorithm that determines number of iteration to do between 2^4 to 2^31 and and 22 characters from the alphabet “./0-9A-Za-z”.

Here $2a$ is the algorithm and 07 tells the 7 iterations to do.

To create a salt we determine allowed characters, their length and the length of salt. Then we use loop to generate a salt. It will use a mt_rand(0,length) function to randomly select from the allowed characters.

For example a sample salt will be: QUqMQGGgU1eomv80GNGzS

Next we need to call the crypt() function.

Example of hashed string $2a$07$QUqMQGGgU1eomv80GNGzS.KkOnmzlbdvOEzuis2a.YLBdv6dAV3vi

PHP blowfish encryption

PHP blowfish encryption
Article Name
PHP blowfish encryption
The blowfish salt take the form of [algorithm][cost]$.
Publisher Name
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *