PHP crypt()的输出长度是多少? [英] What is the output length of PHP crypt()?
问题描述
PHP的输出长度是多少?crypt()?
md5()
输出是128位,并产生一个32字符的字符串,所以在数据库中,你把它放在 char(32)
列中,那么 crypt()
?
注意:完全限于以这种方式提问,请参阅 http://php.net/隐藏
更多详情:
crypt
总是返回散列字符串或长度小于13个字符的字符串,
示例:
让我们从一个简单的 crypt
调用和一个有效的双字符salt的标准基于DES的散列:
$ p $ 13 :: 2(salt)+ 11(hash - 64 bits,base 64)
$如果你使用PHP的 crypt
,并且特定的MD5(这里更好的命名为:md5crypt, MD5(Unix),FreeBSD MD5,Cisco-IOS MD5; Hashcat模式500)和一个空盐,输出长度为:
26 :: 3(`$ 1 $`)+ 0(空盐)+1(`$`)+ 22(散列 - 128位,基数64)
如果在PHP的
crypt
默认为所述MD5并且它被称为不指定salt的系统上,则 crypt
会生成salt。这种盐通常是8个字符。然后输出长度为: 34 :: 3(`$ 1 $`)+ 8(salt)+ 1(`$ `)+ 22(散列)
在这种情况下,数据库表列 char(32)
会在插入或截断时报告错误 - 取决于您使用的是哪个数据库服务器。
但是MD5的例子是我没有选择它,因为你在你的问题中使用了它,但是你不应该使用带有 crypt
的MD5(参见: Md5crypt Password Scrambler已被作者认为是不安全的。 。
相反,我们来看看Blowfish哈希( CRYPT_BLOWFISH
)。它有一个两位数的 cost 参数,并且盐的长度始终为22(如果给出的盐更短,则填充 $
s):
pre $ 60 $ 4 $($ 2y $`)+ 3(cost`$`)+ 22(salt)+ 1 (```)+ 53(散列)
对于Blowfish crypt hash算法(bcrypt,OpenBSD Blowfish; Hashcat模式3200)有一个固定的长度60然后。
正如你所看到的输出长度取决于所使用的散列算法,盐的长度甚至还有一些散列特定的参数,比如 cost 。
如果您例如选择使用999 999 999轮次的SHA512和16字节长的盐,输出长度为: 123 :: 3(`$ 6 $`)+ 17(`rounds = 999999999 $`) + 16(salt)+1(`$`)+ 86(散列)
这个例子是也许有点极端,只是为了显示图片。
其他 crypt
相关问题:
what's the output length of PHP crypt()
?
md5()
output is 128 bits and produce a string with 32 chars, so in data base you put that in a char(32)
column, what about the crypt()
?
Note: It is totally limited to ask the question that way, see http://php.net/crypt
Some more details:
- On success the length of the returned string can vary between 13 and 123.
- The output length depends on the hash algorithm used. It remains undefined in your question.
- The output length depends on the salt passed to the function. It remains undefined in your question.
crypt
always returns the hashed string or a string that is shorter than 13 characters and is guaranteed to differ from the salt on failure.
Examples:
Lets start lightly with a simple crypt
call and a valid two-character salt for a standard DES-based hash:
13 :: 2 (salt) + 11 (hash - 64 bits, base 64)
If you use PHP's crypt
and specificly MD5 (here better named: md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5; Hashcat mode 500) and an empty salt, the output length is:
26 :: 3 (`$1$`) + 0 (empty salt) + 1 (`$`) + 22 (hash - 128 bits, base 64)
If on a system where PHP's crypt
defaults to the said MD5 and it is called not specifying a salt, crypt
will generate the salt. This salt is normally 8 characters long. The output length then is:
34 :: 3 (`$1$`) + 8 (salt) + 1 (`$`) + 22 (hash)
In this case, your database table column char(32)
would either report an error on insert or truncate - depending on which database server you are using.
But the MD5 example is moot, I picked it because you have it in your question, but you should not use MD5 with crypt
(see: Md5crypt Password scrambler is no longer considered safe by author).
Instead lets take a look into Blowfish hashing (CRYPT_BLOWFISH
). It has a two digit cost parameter and always a salt length of 22 (if a shorter salt is given, it is padded with $
s):
60 :: 4 (`$2y$`) + 3 (cost `$`) + 22 (salt) + 1 (`$`) + 53 (hash)
For the Blowfish crypt hash-algorithm (bcrypt, OpenBSD Blowfish; Hashcat mode 3200) there is a fixed length of 60 then.
As you can see the output length depends on the used hash-algorithm, the length of the salt and even some hash specific parameters like the cost.
If you for example opt of SHA512 with 999 999 999 rounds and a 16 byte long salt, the output length is:
123 :: 3 (`$6$`) + 17 (`rounds=999999999$`) + 16 (salt) + 1 (`$`) + 86 (hash)
This example is a little bit extreme maybe, just to show the picture.
Other crypt
related questions:
- Alternative to crypt()
- Comparing passwords with crypt() in PHP
- Can you convert the output of php crypt() to valid MD5?
这篇关于PHP crypt()的输出长度是多少?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!