The output that I noticed after some data was encrypted by the password_hash() function is around alphanumeric values and some special characters like $ . and / .
Are there any more special characters besides these?
Which character types are generated by the password_hash () function?
1
asked by anonymous 11.02.2018 / 22:38
2 answers
2
Read the documentation .
You're seeing salt ( understand more about it ), this part is not part of the hash .
Generally speaking, it does not matter what is being generated. If the software has any limitations on this it is probably wrong.
11.02.2018 / 23:26
1
password_hash() supports two formats, one for BCrypt and one for Argon2:
- BCrypt: "similar" to Modular Crypt Format
- Argon2: PHC String Format
In summary, PHP uses, for BCrypt something very close to the MCF:
$<algoritmo>$<custo>$<salt><hash>
The <algoritmo> is the name of the algorithm and version, the cost is a numerical value, of the computational cost chosen.
<salt> and <hash> can have [a-zA-Z0-9./] , which is just base64, changing + to . .
Argon2 follows a similar line, but it is exactly the PHC String Format:
$<algoritmo>$<parametro-versao>$<parametro-custo>$<salt>$<hash>
The <algoritmo> can use [a-z0-9-] . Since <parametro-versao> can have a name using [a-z0-9-] and its value is a hexadecimal, but the rule can use [a-zA-Z0-9/+.-] , it is divided by = , therefore it is v=19 , for example, indicating be "version = 1.3".
<parametro-custo> can also have a name of [a-z0-9-] and a value can be represented in [a-zA-Z0-9/+.-] . Currently it uses the parameters of m , for memory, t time, p of parallelism. Its values are numeric, also dividing by = , then something like m=1024,t=2,p=2 .
<salt> and <hash> are represented by [a-zA-Z0-9/+.-] .
Finally, it uses a-z , A-Z , 0-9 , / , . , - , + , $ , = . >
14.02.2018 / 01:01