Created
April 17, 2012 16:09
blowfish hashing using PHP's crypt and mcrypt library
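<?php
# From my question and answer at SO:
# http://stackoverflow.com/questions/10183103/security-of-generating-hash-salts-using-phps-mt-rand

# Hash $string with crypt()'s blowfish (bcrypt) scheme.
# $salt: an existing hash to verify against, or NULL to generate a fresh salt.
# $iterations: the two-digit bcrypt cost (log2 of the round count).
# mcrypt_create_iv() needs the mcrypt extension, which was deprecated in PHP 7.1 and removed in 7.2.
function blowfish($string, $salt = NULL, $iterations = '12')
{
    # md5() turns the raw random bytes into hex, which stays inside the
    # ./A-Za-z0-9 alphabet that crypt() requires for the salt.
    return crypt($string, $salt ?: "$2a\$$iterations$" . md5(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM)));
}

$password = 'password';
$hash = blowfish($password);

# Strict comparison: both sides are strings, so avoid == type juggling.
if ($hash === blowfish($password, $hash))
{
    print "Matches\n";
    print $hash . "\n";
}

print "Running a hashing loop...\n";
$time = microtime(TRUE);
for ($i = 0; $i < 100; $i++)
{
    # Use "." for string concatenation; "+" would add numerically.
    blowfish('password' . $i);
}
# microtime(TRUE) returns seconds as a float.
print (microtime(TRUE) - $time) . " seconds\n\n";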
The IV that mcrypt returns is not the allowed ./A-Za-z0-9
set of characters that is required by blowfish. Even the faster base64_encode
would not return the correct set since it allows things like "+".
What's the purpose of that md5 hash?
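
The salt-alphabet point raised in the comments, as an added example that is not part of the gist: the md5 hex output passes crypt()'s alphabet check but carries only 4 bits per character (88 bits over the 22 characters crypt() reads), whereas 16 random bytes base64-encoded with "+" mapped to "." fill the whole 128-bit salt. It assumes PHP 7+ for random_bytes(); bcrypt_salt() and salt_alphabet_ok() are hypothetical helper names.

```php
<?php
// Added example, not part of the gist. Assumes PHP 7+ for random_bytes().
// bcrypt_salt() and salt_alphabet_ok() are hypothetical helper names.

// Build a crypt() blowfish setting string with a 22-character salt made
// from 16 random bytes (128 bits). base64_encode() emits A-Za-z0-9+/ plus
// "=" padding; crypt() wants ./A-Za-z0-9, so "+" is mapped to "." and the
// two padding characters are cut off by substr().
function bcrypt_salt($cost = 12)
{
    $raw  = random_bytes(16);
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    return sprintf('$2a$%02d$%s', $cost, $salt);
}

// True when all 22 salt characters are inside the blowfish salt alphabet.
function salt_alphabet_ok($salt)
{
    return preg_match('#^[./A-Za-z0-9]{22}$#', $salt) === 1;
}

// Constructed input: 16 bytes of 0xFB, whose base64 form begins "+/v7".
$fixed = str_repeat("\xfb", 16);

// Plain base64: still contains "+", which is outside the alphabet.
var_dump(salt_alphabet_ok(substr(base64_encode($fixed), 0, 22)));

// Same bytes with "+" mapped to ".": every character is allowed.
var_dump(salt_alphabet_ok(substr(strtr(base64_encode($fixed), '+', '.'), 0, 22)));

// md5 hex, as in the gist: allowed, but only 16 symbols per position.
var_dump(salt_alphabet_ok(substr(md5($fixed), 0, 22)));

// Hash, then verify: crypt() re-reads cost and salt from the stored hash.
$hash = crypt('password', bcrypt_salt());
var_dump(hash_equals($hash, crypt('password', $hash)));
print $hash . "\n";
```

On PHP 5.5 and later, password_hash() with PASSWORD_BCRYPT generates the salt itself and password_verify() does the comparison, so neither helper is needed there.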