Which character types are generated by the password_hash() function?

1

The output I noticed after some data was encrypted by the password_hash() function consists of alphanumeric values and some special characters such as $, . and /.

Are there any more special characters besides these?

    
asked by anonymous 11.02.2018 / 22:38

2 answers

2

Read the documentation.

You're seeing the salt (understand more about it); this part is not part of the hash.

Generally speaking, it does not matter what is being generated. If the software has any limitations on this it is probably wrong.

    
11.02.2018 / 23:26

1

password_hash() supports two formats, one for BCrypt and one for Argon2:

In summary, for BCrypt PHP uses something very close to the MCF:

$<algoritmo>$<custo>$<salt><hash>

The <algoritmo> is the name and version of the algorithm; the cost is a numerical value for the chosen computational cost.

<salt> and <hash> can have [a-zA-Z0-9./], which is just base64, changing + to the . character.

Argon2 follows a similar line, but it is exactly the PHC String Format:

$<algoritmo>$<parametro-versao>$<parametro-custo>$<salt>$<hash>

The <algoritmo> can use [a-z0-9-]. The <parametro-versao> has a name using [a-z0-9-] and a value that is hexadecimal, although the rule allows [a-zA-Z0-9/+.-]; name and value are separated by =, so it is v=19, for example, indicating "version = 1.3".

<parametro-custo> can also have a name using [a-z0-9-] and a value represented in [a-zA-Z0-9/+.-]. Currently it uses the parameters m for memory, t for time and p for parallelism. Their values are numeric, also separated by =, so something like m=1024,t=2,p=2.

<salt> and <hash> are represented by [a-zA-Z0-9/+.-].

Finally, it uses a-z, A-Z, 0-9, /, ., -, +, $ and =.

    
14.02.2018 / 01:01
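The two layouts described in the answers, as an added example that is not part of either answer: it splits real password_hash() output into its fields and shows that a storage layer which strips the "special" characters breaks verification. parse_password_hash() is a hypothetical helper, the 22/31-character BCrypt field widths are an assumption of the example, and the password is a constructed sample.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: split a password_hash() string into the fields described above.
// Returns null when the string matches neither layout.
function parse_password_hash(string $stored): ?array
{
    // BCrypt: $<algo>$<cost>$<22-char salt><31-char hash>, alphabet ./A-Za-z0-9
    $bcrypt = '~^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (preg_match($bcrypt, $stored, $m) === 1) {
        return ['algo' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'hash' => $m[4]];
    }
    // Argon2 (PHC string format): $<algo>$v=<n>$m=<n>,t=<n>,p=<n>$<salt>$<hash>
    $argon = '~^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)'
           . '\$([A-Za-z0-9/+.-]+)\$([A-Za-z0-9/+.-]+)$~';
    if (preg_match($argon, $stored, $m) === 1) {
        return ['algo' => $m[1], 'version' => (int) $m[2], 'memory' => (int) $m[3],
                'time' => (int) $m[4], 'parallelism' => (int) $m[5],
                'salt' => $m[6], 'hash' => $m[7]];
    }
    return null;
}

$password = 'constructed-sample-password';   // constructed input, not a real credential
$hashes = ['bcrypt' => password_hash($password, PASSWORD_BCRYPT, ['cost' => 10])];
if (defined('PASSWORD_ARGON2I')) {            // only present when PHP was built with Argon2
    $hashes['argon2i'] = password_hash($password, PASSWORD_ARGON2I);
}

foreach ($hashes as $name => $stored) {
    $fields = parse_password_hash($stored);
    // Every non-alphanumeric character that actually occurs in this string.
    $special = count_chars(preg_replace('~[A-Za-z0-9]~', '', $stored), 3);
    printf("%s (%d chars): %s\n", $name, strlen($stored), $stored);
    printf("  fields: %s\n", json_encode($fields, JSON_UNESCAPED_SLASHES));
    printf("  non-alphanumeric characters seen: %s\n", $special);
    // The whole string, prefix and salt included, is what password_verify() needs.
    var_dump(password_verify($password, $stored));
    // A storage layer that strips "special" characters makes verification fail.
    var_dump(password_verify($password, str_replace(['$', '.', '/'], '', $stored)));
}
```

For each algorithm the first var_dump() prints true and the second false, so the stored column has to accept the full string unmodified.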