0

I use password_hash function in PHP to hash the user passwords before I store them in the database.

I use the default algorithm (ie. CRYPT_BLOWFISH) to hash the passwords. For the cost value I use 12 instead of 10. But one thing that I am not sure is the bit length of the encrypted password. is it 64, 128, 256 bit?

Also, does increasing the cost value increases the bit length?

Thanks

Jaylen
  • 39,043
  • 40
  • 128
  • 221
  • It seems like you could test this pretty easily. But here is the wiki that explains it pretty well: http://en.wikipedia.org/wiki/Blowfish_(cipher) – vesuvious Aug 06 '14 at 22:56
  • It is still not clear to me how many bits does it encrypt with. How would I test it? – Jaylen Aug 06 '14 at 23:01
  • I'm not familiar with cryptography, but the documentation (http://php.net/manual/en/function.password-hash.php) says it will always result in a 60 character string. wouldn't that mean the encrypted password will be 480 bits? – kennypu Aug 06 '14 at 23:47

1 Answers1

0

The PHP BCrypt implementation will generate base64 encoded strings with a length of 60 characters. This string contains all the parameters like salt and cost factor.

If your question is about the maximum number of characters that are used to generate the password, there is a limit with 72 characters. That means you can hash passwords of every length, but only the first 72 characters are used for the calculation (see How to hash long passwords...).

Community
  • 1
  • 1
martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
  • I know that the length of the password is 72. My question is what is the hashing length. For example md5 function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. – Jaylen Aug 07 '14 at 13:59
  • @Mike - The actual hash length is 192-bit encoded to 31 (base-64) characters. But unlike an MD5 hash, the length of a BCrypt hash alone is meaningless, because you need the additional information cost-factor and salt. – martinstoeckli Aug 07 '14 at 14:15