1) How do you create secure Blowfish hashes of passwords with crypt()? $hash =

Question

0

Asked: May 20, 20262026-05-20T01:59:30+00:00 2026-05-20T01:59:30+00:00

1) How do you create secure Blowfish hashes of passwords with crypt()? $hash =

0

1) How do you create secure Blowfish hashes of passwords with crypt()?

$hash = crypt('somePassword', '$2a$07$nGYCCmhrzjrgdcxjH$');

1a) What is the significance of “$2a”? Does it just indicate that the Blowfish algorithm should be used?
1b) What is the significance of “$07”? Does a higher value imply a more secure hash?
1c) What is the significance of “$nGYCCmhrzjrgdcxjH$”? Is this the salt that will be used? Should this be randomly generated? Hard-coded?

2) How do you store Blowfish hashes?

echo $hash;
//Output: $2a$07$nGYCCmhrzjrgdcxjH$$$$.xLJMTJxaRa12DnhpAJmKQw.NXXZHgyq

2a) What part of this should be stored in the database?
2b) What data type should be used for the column (MySQL)?

3) How should one verify a login attempt?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T01:59:31+00:00

You should store the entire output of crypt, there’s not a lot of point in splitting it up, because you need to generate a new salt for each password you’re hashing in any case. Using a fixed hidden salt as mentioned by Matt is wrong – the salt should be different for every hash.

For more information see http://www.openwall.com/articles/PHP-Users-Passwords – I recommend using the phpass library because it handles generating a random salt for you, unlike crypt().

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

1) How do you create secure Blowfish hashes of passwords with crypt()? $hash =

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply