Generating Password Hash In PHP 5.5 And Setting Cost Option

Question

I know PHP 5.5 is in alpha but this class I am making is just being made in advance to utilize it\'s hashing feature by using function_exists().

I checked out the pa

Answer 1

Disclaimer: this is with PHP 5.3.10, but it seems not really different from your description.

The cost applies to the cost of computation. When you increase the cost value, it takes longer to hash the password

function blowfish_salt($cost)
{
    $chars = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $salt = sprintf('$2y$%02d$', $cost);
    for ($i = 0; $i < 22; ++$i)
        $salt .= $chars[rand(0,63)];

    return $salt;
}

$password = 'My perfect password';
$cost = $argv[1];
$salt = blowfish_salt($cost);
$hash = crypt($password, $salt);

When I run this on my (old) machine as

php mycrypt.php 10

it returns immediately (~0.2 sec), whereas with

php mycrypt.php 16

it takes about 5.2 seconds.