PHP blowfish encryption

      No Comments on PHP blowfish encryption

PHP blowfish encryption uses crypt() function.

PHP crypt() function

PHP crypt() function returns a hashed string using Blowfish.

Syntax:

crypt(str,salt); 
  • str -is the string that is to be hashed.
  • salt-a string to base hashing on. Though salt is optional, crypt()creates weak passwords without salt.

PHP blowfish encryption

To start using Blowfish, we need to invoke crypt() function. Blowfish hashing begins with a salt.

The blowfish salt take the form of [algorithm][cost]$. Here algorithm can be $2a$, $2y$, $2x$. Cost is a base-two algorithm that determines number of iteration to do between 2^4 to 2^31 and and 22 characters from the alphabet “./0-9A-Za-z”.

//This string tells crypt to use blowfish for 7 rounds.
$Blowfish_Pre = '$2a$07$'; 
$Blowfish_End = '$';

Here $2a$ is the algorithm and 07 tells the 7 iterations to do.

To create a salt we determine allowed characters, their length and the length of salt. Then we use loop to generate a salt. It will use a mt_rand(0,length) function to randomly select from the allowed characters.

// allowed characters in salt

$Allowed_Chars ='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';

//length of characters
$Chars_Len = 63;

//length of salt

$Salt_Length = 21;

//variable that will hold salt value
$salt = "";

// loop to create salt
for($i=0; $i<$Salt_Length; $i++)
{
    $salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}

For example a sample salt will be: QUqMQGGgU1eomv80GNGzS

Next we need to call the crypt() function.

$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$hashed_string = crypt($password, $bcrypt_salt);

Example of hashed string $2a$07$QUqMQGGgU1eomv80GNGzS.KkOnmzlbdvOEzuis2a.YLBdv6dAV3vi

PHP blowfish encryption

Summary
PHP blowfish encryption
Article Name
PHP blowfish encryption
Description
The blowfish salt take the form of [algorithm][cost]$.
Author
Publisher Name
Scanfcode
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *