Results 1 to 6 of 6

Thread: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

  1. #1
    Join Date
    Feb 2013
    Beans
    4

    Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    Hi. Can anyone tell me how can I enable php CRYPT_BLOWFISH hash in Ubuntu? My php version is 5.4.6 and Ubuntu 12.1.

    This is what i tried so far
    Code:
    <?php
        class ChecksShell extends AppShell
        {
            private function blowfish_hash_example()
            {
                $user='testtesttesttestte';
                $pass='pass';
                
                return 'Blowfish hash example: '.crypt($pass,'$2y$12$'.$user.'$').'\n';
            }
    
            private function check_hash_algos()
            {
                if(CRYPT_BLOWFISH == 1):
                
                    echo 'Blowfish hash is enabled\n';
                    echo $this->blowfish_hash_example();
    
                endif;
            }
    
            public function main()
            {
                $this->check_hash_algos();
            }
        }
    this returns text unchanged, that is

    Code:
    $2y$12$testtesttesttestte$
    Thanks.
    Last edited by anothertestaccount; February 16th, 2013 at 01:11 PM.

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    11,304
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    I don't know what you're trying to accomplish, but I use PHP's mcrypt functions for tasks like this: http://php.net/manual/en/book.mcrypt.php
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Feb 2013
    Beans
    4

    Re: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    I am trying to hash passwords.

  4. #4
    Join Date
    Feb 2008
    Beans
    251
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    Hi,
    I confess that I don't understand it well, but I've seen that passing a different salt to the function gives different (better) results.

    Here's a quick test that I made, loosely based on your code...

    PHP Code:
    <?php
      
    class CryptTest {

        private function 
    do_crypty_thing() {
            
    $user  'testtesttesttestte';
            
    $pass  'pass';

            
    $salt1 '$2y$12$'.$user.'$';
            
    $salt2 '!2y!12!'.$user.'!';

            echo 
    "Blowfish hash example 1 with salt ".$salt1.": " crypt($pass$salt1) . "\n";
            echo 
    "Blowfish hash example 2 with salt ".$salt2.": " crypt($pass$salt2) . "\n";
        }
         
        public function 
    main() {
            return 
    $this->do_crypty_thing();
        }
      }  
      
    $ct = new CryptTest();
      
    $ct->main();
    ?>
    and the response from the script:

    Code:
    gp@mariachi:~/test$ php crypt.php 
    Blowfish hash example 1 with salt $2y$12$testtesttesttestte$: $2y$12$testtesttesttestte$
    Blowfish hash example 2 with salt !2y!12!testtesttesttestte!: !2GUKV5zZMaQE
    Can you change your salt?

    Ps. I've done a little more research into the salts, and it's worth taking a look on the 3rd answer to the following question for an explanation: http://stackoverflow.com/questions/2...ication-please

    it uses a base64 alphabet composed of [a-zA-Z0-9./], with $ as the null (NOT 0) terminating/padding character. If you use any characters outside of that range, or a $ too early, it will either error out or not interpret the entirety of the salt.
    hope that helps!
    gp

  5. #5
    Join Date
    Feb 2013
    Beans
    4

    Re: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    Thanks, this gets a result. Any workaround for same hashes?

    For example if I use salt

    Code:
    $user  = 'testtesttesttestte';
    and

    Code:
    $user  = 'abcdabcdabcdabcdabcdab';
    I get the same hash.

  6. #6
    Join Date
    Feb 2008
    Beans
    251
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Enable PHP CRYPT_BLOWFISH hash in Ubuntu

    I don't get the same hash here for these salts... try checking your implementation to make sure you don't have any bugs in it.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •