(PHP) How to use crypt() with CRYPT_BLOWFISH?

Question

First, I see that to use CRYPT_BLOWFISH, i need to use a 16 char salt starting with $2a$. However, the php.net documentation for crypt() says that some systems don\'t suppor

Answer 1

For PHP before 5.3.0 crypt() used the lib supplied by the OS. If you are using an earlier version, then you'd need to check your OS documentation to see if it is supported (check the value of the CRYPT_BLOWFISH constant) - if not then the algorithm is implemented within the mcrypt() extension for PHP.

The example you've quoted from the docs doesn't seem to make much sense:

  $stored_password=fetch_password($user);

  if (crypt($_REQUEST['password'],$stored_password)===$stored_password) {
      // note that crypt automatically extracts the salt and alogrithm type
      // from $stored_password
      ....

You only need to specify the prefix ($2a$) when creating the password.

HTH

C.