View Full Version : Enable PHP CRYPT_BLOWFISH hash in Ubuntu
anothertestaccount
February 16th, 2013, 12:51 PM
Hi. Can anyone tell me how can I enable php CRYPT_BLOWFISH hash in Ubuntu? My php version is 5.4.6 and Ubuntu 12.1.
This is what i tried so far
<?php
class ChecksShell extends AppShell
{
private function blowfish_hash_example()
{
$user='testtesttesttestte';
$pass='pass';
return 'Blowfish hash example: '.crypt($pass,'$2y$12$'.$user.'$').'\n';
}
private function check_hash_algos()
{
if(CRYPT_BLOWFISH == 1):
echo 'Blowfish hash is enabled\n';
echo $this->blowfish_hash_example();
endif;
}
public function main()
{
$this->check_hash_algos();
}
}
this returns text unchanged, that is
$2y$12$testtesttesttestte$
Thanks.
SeijiSensei
February 16th, 2013, 04:13 PM
I don't know what you're trying to accomplish, but I use PHP's mcrypt functions for tasks like this: http://php.net/manual/en/book.mcrypt.php
anothertestaccount
February 16th, 2013, 06:07 PM
I am trying to hash passwords.
greenpeace
February 16th, 2013, 07:49 PM
Hi,
I confess that I don't understand it well, but I've seen that passing a different salt to the function gives different (better) results.
Here's a quick test that I made, loosely based on your code...
<?php
class CryptTest {
private function do_crypty_thing() {
$user = 'testtesttesttestte';
$pass = 'pass';
$salt1 = '$2y$12$'.$user.'$';
$salt2 = '!2y!12!'.$user.'!';
echo "Blowfish hash example 1 with salt ".$salt1.": " . crypt($pass, $salt1) . "\n";
echo "Blowfish hash example 2 with salt ".$salt2.": " . crypt($pass, $salt2) . "\n";
}
public function main() {
return $this->do_crypty_thing();
}
}
$ct = new CryptTest();
$ct->main();
?>
and the response from the script:
gp@mariachi:~/test$ php crypt.php
Blowfish hash example 1 with salt $2y$12$testtesttesttestte$: $2y$12$testtesttesttestte$
Blowfish hash example 2 with salt !2y!12!testtesttesttestte!: !2GUKV5zZMaQE
Can you change your salt?
Ps. I've done a little more research into the salts, and it's worth taking a look on the 3rd answer to the following question for an explanation: http://stackoverflow.com/questions/2192354/php-crypt-and-salt-more-clarification-please
it uses a base64 alphabet composed of [a-zA-Z0-9./], with $ as the null (NOT 0) terminating/padding character. If you use any characters outside of that range, or a $ too early, it will either error out or not interpret the entirety of the salt.
hope that helps!
gp
anothertestaccount
February 17th, 2013, 07:05 PM
Thanks, this gets a result. Any workaround for same hashes?
For example if I use salt
$user = 'testtesttesttestte';
and
$user = 'abcdabcdabcdabcdabcdab';
I get the same hash.
greenpeace
February 17th, 2013, 08:42 PM
I don't get the same hash here for these salts... try checking your implementation to make sure you don't have any bugs in it.
Powered by vBulletin® Version 4.2.2 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.