1
The output I noticed after some data was encrypted by the function password_hash() is around alphanumeric values and some special characters like $ . and /.
There are more special characters than these cited?
2 answers
2
Give a read on documentation.
Are you seeing the salt (understand more about it), this part is not part of the hash generated.
Generally speaking it does not matter what is being generated. If the software has some limitation regarding this it is probably wrong.
-
Actually it’s just curious. Because php’s MD5 function generates only numeric Alpha outputs. Hence the curiosity in password_hash output();
2
The password_hash() supports two formats, one for Bcrypt and one for Argon2:
- Bcrypt: "similar" to Modular Crypt Format
- Argon2: PHC String Format
In short, PHP uses, for Bcrypt something very close to MCF:
$<algoritmo>$<custo>$<salt><hash>
The <algoritmo> is the name of the algorithm and version, the cost is a numerical value, of the computational cost chosen.
The <salt> and the <hash> may have [a-zA-Z0-9./], which is precisely Base64, changing the + for ..
Argon2 follows a similar line, but is exactly the PHC String Format:
$<algoritmo>$<parametro-versao>$<parametro-custo>$<salt>$<hash>
The <algoritmo> can use [a-z0-9-]. Already the <parametro-versao> may have a name using [a-z0-9-] and its value is a hexadecimal, but by the rule can use [a-zA-Z0-9/+.-], he is divided by a =, so he is v=19, for example, indicating "version = 1.3".
The <parametro-custo> may also have a name of [a-z0-9-] and a value can be represented in [a-zA-Z0-9/+.-]. Currently it uses the parameters of m, for memory’s sake, the t of time, the p of parallelism. Its values are numerical, also divided by =, then something like m=1024,t=2,p=2.
The <salt> and the <hash> are represented by [a-zA-Z0-9/+.-].
At last he wears a-z, A-Z, 0-9, /, ., -, +, $, =.
-
Thanks, Inkeliz! Thank you very much!
Browser other questions tagged php security-guard hash password
You are not signed in. Login or sign up in order to post.
Have you read the documentation? You can define what type of hash you want it to generate, there are some types. Also, no matter the format, important is to have validation science with salt.
– Ivan Ferrer
Hi Ivan! I read yes! Already solved! Thanks, buddy! I was using the function incorrectly and created a doubt about the case, but Maniero gave a strength! Thanks!
– Fabio Sodre