I was having some problems with crypt() so I wrote a function to make hashing passwords MUCH easier:
<?php
function hasher($info, $encdata = false)
{
    $strength = "08";
    //if encrypted data is passed, check it against input ($info)
    if ($encdata) {
        //stored value must be the 60 char hash followed by the 22 char salt
        if (!is_string($encdata) || strlen($encdata) != 82) {
            return false;
        }
        //rebuild the hash from the stored cost and salt, then compare in constant time
        $check = crypt($info, "$2a$".substr($encdata, 4, 2)."$".substr($encdata, 60));
        return is_string($check) && hash_equals(substr($encdata, 0, 60), $check);
    }
    else {
        //make a salt from the CSPRNG (random_int, PHP 7+), hash it with input, and add salt to end
        $chars = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
        $salt = "";
        for ($i = 0; $i < 22; $i++) {
            $salt .= $chars[random_int(0, 63)];
        }
        //return 82 char string (60 char hash & 22 char salt)
        return crypt($info, "$2a$".$strength."$".$salt).$salt;
    }
}
?>
I hope some of you find this useful. I published this on the crypt() manual, but I saw this forum and liked it, and wanted to make a first post that was useful to someone. Hope this helps; criticism is welcome! Moore's law compatibility is controlled via the $strength var, which controls the difficulty of the hashing function. This is as secure as password hashing really gets.
It's my own drop-in replacement for PHPass, basically.
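
An added example, not part of the original post or the poster's code: the same job done with PHP's built-in password API (PHP 5.5 and later). It shows that the 22-character salt is already stored inside the 60-character bcrypt string, and how the cost that `$strength` sets can be raised for existing users at login. The names `bcrypt_fields` and `verify_and_upgrade`, the sample password and the target cost of 10 are constructed for this example.

```php
<?php
// Added example (not the poster's code). Requires PHP >= 5.6 for hash_equals().

// Split a bcrypt string into its fields: $<id>$<cost>$<22-char salt><31-char digest>
function bcrypt_fields($hash)
{
    $re = '/^\$(2[abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/';
    if (!is_string($hash) || !preg_match($re, $hash, $m)) {
        return null; // not a well-formed 60-character bcrypt string
    }
    return array('id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]);
}

// Verify a login attempt. When the stored cost differs from the current target,
// also return a replacement hash for the caller to store.
function verify_and_upgrade($password, $stored, $targetCost)
{
    if (!password_verify($password, $stored)) {
        return array('ok' => false, 'rehash' => null);
    }
    $options = array('cost' => $targetCost);
    $rehash = password_needs_rehash($stored, PASSWORD_BCRYPT, $options)
        ? password_hash($password, PASSWORD_BCRYPT, $options)
        : null;
    return array('ok' => true, 'rehash' => $rehash);
}

// Constructed sample input; cost 8 matches $strength = "08" in the post.
$password = 'correct horse battery staple';
$old = password_hash($password, PASSWORD_BCRYPT, array('cost' => 8));

$f = bcrypt_fields($old);
printf("id=%s cost=%d salt=%s\n", $f['id'], $f['cost'], $f['salt']);

// The salt sits inside the 60 characters, so the stored hash itself can be
// passed back to crypt() as the salt argument; no appended copy is needed.
var_dump(hash_equals($old, crypt($password, $old)));

// Correct password: login succeeds and a cost-10 replacement hash is produced.
$r = verify_and_upgrade($password, $old, 10);
var_dump($r['ok'], bcrypt_fields($r['rehash'])['cost']);

// Wrong password: login fails and no replacement hash is produced.
$bad = verify_and_upgrade('wrong guess', $old, 10);
var_dump($bad['ok'], $bad['rehash']);
```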