Home/ Questions/Q 4342814
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T11:40:03+00:00

I have decided to use crypt() to encrpyt my passwords on my database using

  • 0

I have decided to use crypt() to encrpyt my passwords on my database using a salt, as after much research it seems the best option.

I am curious though as to why this works and gets a match:

$info['password'] == crypt($_POST['password'])

And comparing identically like this doesn’t:

$info['password'] === crypt($_POST['password'])

Any ideas?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The documentation explains the phenomenon you’re experiencing. The second argument documentation states:

    An optional salt string to base the hashing on. If not provided, the behaviour is defined by the algorithm implementation and can lead to unexpected results.

    There’s every chance you’ll get 10 different values when you run the following:

    <?php
$string = "password";
for ($i = 0; $i < 10; $i++) {
    echo crypt($string) . "\n";
}

    I get the following:

    $1$sWCzgR2e$vjR1CagStx0QbRYy/VbWm.
$1$C5TexeGI$ifWZ3mhGKthQ.ZW1UEswl/
$1$miA.EAYy$A6amxA.B4HvebndP/2ydx1
$1$izL6b3lz$hKncuA4oGv.8DAlAcybm..
$1$EqPefzSc$1XvQFf7pqFeuFz68lA1tv0
$1$njFWwWUo$NeQxtRHyUUzivVhidQSt5/
$1$LH3CVBV1$IIPPuHPUNL04ODtuRw0WR0
$1$/K75BwgK$MhSmhXtXF9Gn6ujx3YgE30
$1$OfddZpSQ$4u.dgsAWe4M/bOerUYTxr0
$1$G6JPvJpQ$aGvHluWRSy659MUe9P/aN.

    I’d recommend using your database salt as the second argument for your crypt($password, $salt) call.

    • 0