2

In this highly-praised answer to the question How do you use bcrypt for hashing passwords in PHP?, the code delegates the cryptographic calculation to the crypt function.

According to the original definition of bcrypt password hashing, three 64-bit blocks derived from the constant "OrpheanBeholderScryDoubt" should be Blowfish-encrypted 64 times. I would like to check that portion of the source code, in PHP sources if that's in there, or wherever PHP delegates; that's in order to improve this answer I made, and wikipedia's bcrypt entry as I read it now.

Where should I look for the source code of PHP's built-in crypt, and specifically the part used in bcrypt password hashing?

Community
  • 1
  • 1
fgrieu
  • 2,724
  • 1
  • 23
  • 53
  • 1
    have a look at [PHPass implementation](https://github.com/rchouinard/phpass/blob/master/library/Phpass/Hash/Adapter/Bcrypt.php) and here's a [simpler implementation](https://gist.github.com/1053158) and here's the [crypt.c](https://github.com/php/php-src/blob/master/ext/standard/crypt.c) from PHP-SRC – Adi Jun 25 '12 at 06:34
  • @AdnanShammout: thanks, but my question is _not_ about bcrypt in PHP; it is about the source of PHP's built-in crypt, as often used in bcrypt in PHP. I'll clarify the title of my question. – fgrieu Jun 25 '12 at 06:37
  • I have updated my comment, is that what you're looking for? – Adi Jun 25 '12 at 06:42
  • @AdnanShammout: thanks, your later link looks very useful. Now I need to follow that and find where `php_crypt_blowfish_rn` lives. – fgrieu Jun 25 '12 at 06:43

1 Answers1

1

I believe that the following links would be helpful

  • crypt.c from PHP-SRC
  • php_crypt_blowfish_rn in crypt_blowfish.c from PHP-SRC
Adi
  • 5,089
  • 6
  • 33
  • 47