I have been looking into the options for handling passwords for user login and I had some questions about how to use CRYPT_BLOWFISH. I read about how to implement it but I would like to understand it better before I start to play with it.
So I was planning on doing something like this:
function genBlowfishSalt()
{
    // return a random 22-character salt from the bcrypt alphabet [./A-Za-z0-9], built from CSPRNG bytes
    return substr(strtr(base64_encode(random_bytes(17)), '+', '.'), 0, 22);
}
$hash = crypt($password, '$2a$12$' . genBlowfishSalt());
My questions are as follows:
1) What is ‘$2a$12$’?
2) I understand that I would have to store the salt for each user in this case, I suppose it would be acceptable to store it without its own hash? Does the salt get appended to the hashed value?
3) Upon login, how would I run a comparison of hashed values?
4) I also read that there was a concept of needing to store a number of iterations for each user, how does that factor in with the hashing of the password?
Thanks!
1) That is the salt of the hash; you need to make the salt more random (e.g. a different salt for each user for maximum protection).
2) Yes, you can store the salt in one field and the salted hash in another.
3) You would do the following steps:
4) I’m not sure what you mean, please elaborate!
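The following is an added worked example, not code from the original question or answer, covering the four points asked about with PHP's crypt(): generating a salt, hashing with a cost factor, reading the algorithm identifier, cost and salt back out of the stored string, verifying a password at login, and deciding when a stored hash should be rehashed at a higher cost. The function names (genBlowfishSalt, hashPassword, parseBcrypt, verifyPassword, needsRehash) and the sample password are assumptions made for the example; since PHP 5.5 the built-in password_hash()/password_verify() functions wrap the same workflow.

```php
<?php
// Added example, not from the original post. Demonstrates the bcrypt
// workflow the question asks about using PHP's crypt(): generating a
// salt, hashing, reading the components back out of the stored string,
// verifying at login, and checking whether a stored hash needs a higher cost.

// 22-character salt from the bcrypt alphabet [./A-Za-z0-9], from a CSPRNG.
function genBlowfishSalt(): string
{
    return substr(strtr(base64_encode(random_bytes(17)), '+', '.'), 0, 22);
}

// Build the setting string "$2y$<cost>$<salt>" and hash. '$2y$' is the
// identifier PHP >= 5.3.7 uses for the corrected bcrypt implementation;
// '$2a$' in the question names the same algorithm. The two digits after it
// are the cost: the work factor is 2^cost rounds, so 12 means 4096 rounds.
function hashPassword(string $password, int $cost = 12): string
{
    $setting = sprintf('$2y$%02d$%s', $cost, genBlowfishSalt());
    $hash = crypt($password, $setting);
    // crypt() returns a string shorter than 13 chars on failure (e.g. a bad setting)
    if (strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Split a stored bcrypt string into its parts. Everything needed to
// recompute the hash (algorithm, cost, salt) is embedded in it, so only
// this one 60-character value needs to be stored per user; no separate
// salt or iteration column is required.
function parseBcrypt(string $hash): array
{
    if (!preg_match('#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#', $hash, $m)) {
        throw new InvalidArgumentException('not a bcrypt hash');
    }
    return ['id' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'hash' => $m[4]];
}

// Login check: feeding the stored hash back in as the "salt" makes crypt()
// reuse its embedded identifier, cost and salt, so the outputs match iff the
// password does. hash_equals() compares in constant time.
function verifyPassword(string $password, string $storedHash): bool
{
    return hash_equals($storedHash, crypt($password, $storedHash));
}

// The cost travels with the hash, not in a separate per-user field; raise it
// over time by rehashing on a successful login when the stored cost is below
// the current target.
function needsRehash(string $storedHash, int $targetCost): bool
{
    return parseBcrypt($storedHash)['cost'] < $targetCost;
}

// Usage with a constructed password
$stored = hashPassword('correct horse battery staple', 12);
print_r(parseBcrypt($stored));                                     // id, cost 12, 22-char salt, 31-char hash
var_dump(verifyPassword('correct horse battery staple', $stored)); // bool(true)
var_dump(verifyPassword('wrong password', $stored));               // bool(false)
var_dump(needsRehash($stored, 13));                                // bool(true)
```

On login, the only lookup needed is the user's stored 60-character string; verifyPassword() recomputes the hash from it and compares with hash_equals() rather than ==, so the comparison does not leak timing information about how many leading characters matched.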