This is my first time using the crypt() function in PHP, and I can't figure out why it isn't working. My code is based on this article: http://www.techrepublic.com/blog/australia/securing-passwords-with-blowfish/1274
function blowfishHash ($pw) {
//generate random salt
$salt = "$2y$10$";
for ($i = 0; $i < 22; $i++) {
$salt .= substr("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", mt_rand(0, 63), 1);
}
$hash = crypt($pw, $salt);
//printout to file
$file = fopen("debug.txt", "w+");
fwrite($file, "\n\n\n".$pw);
fwrite($file, "\n\n\n".$salt);
fwrite($file, "\n\n\n".$hash);
fclose($file);
return $hash;
}
I called the function with the sample password "password".
The resultant salt was: $2y$10$NzRQNjTRfP4jXKvb4TCO.G
But the password was "$2mV0NZp92R3g" – which seems far too short.
Could someone please help me figure out what I'm doing wrong?
As you stated in your comment, you are using PHP 5.2.x.
The Blowfish implementation is only available in PHP >= 5.3.x. If for any reason it is not possible to install a newer PHP version, you could check here on more information on how to make Blowfish work with older PHP versions.