What is the correct format for a blowfish salt using PHP's crypt?

Question

I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm.

A

Answer 1

The number following the 2a specifies the log2 of the number of rounds to perform. For example, 10 means do 1024 rounds. Usually, 10 is normal. Don't use numbers that are too big, or your password will take forever to verify.

See Why does BCrypt.net GenerateSalt(31) return straight away? for something related. :-)