Not Sure That I'm Using crypt() Properly

When using crypt for generating a password hash using sha512, I’m not sure if there is a bug somewhere, I’m not doing it quite right, or it’s actually correct. An example hash I get is:

$6$rounds=5000$6$bTXeE/qWYeNNSeW5156jW0UvFjiX67cWlL1wmQCJavR0eUO

The way I’m using crypt at the moment is:

$password=crypt($password,'$6$rounds=5000$6$'.$salt.'$');

I can’t see any bugs listed, the

$6$rounds=5000$6$

Just doesn’t seem to sit right. The salt I’m using is a 70 character alphanumeric string and the PHP version I’m using is 5.4.3 (Wamp server). Has anyone else had a similar start to their sha512 hash when using crypt()?

$6$rounds=5000$6$

I don’t know why you actually see this as something inappropriate. The fact that the cost is presented in plain text? The same thing happens with BLOWFISH, except there is no “rounds=” string. I admit this is strange, as the characters are redundant and use up space for no reason. The same happens on my 5.3.23 installation; I have no idea why the output is made to look like this.

However, I can see there are some errors in how you use crypt. First, $6 shouldn’t be repeated and the string should not end with $:

$password=crypt($password, '$6$rounds=5000$'.$salt);

And second, the salt can be maximum 16 characters long, anything more is ignored.

Edit: Examples in PHP docs show an ending $ after the salt; however, this is not mentioned in the actual explanation for each algorithm on the crypt page, and I find it is actually optional.

Can you provide a link to where you found that? I just find that interesting and it isn’t on the crypt page itself… :slight_smile:

It is the crypt page itself:

CRYPT_SHA512 - SHA-512 hash with a sixteen character salt prefixed with $6$. […]

:slight_smile:

I read that 4 times earlier and never caught that! Thanks :slight_smile:
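Added example (not from the thread or from PHP itself): a small parser for the `$6$rounds=N$salt$` setting string that reports the salt crypt() will actually use, following the rules given above (optional rounds, salt terminated by the next `$`, at most sixteen characters). It assumes the reference crypt_sha512 convention that the salt ends at the first `$` and that rounds are clamped to 1000..999999999; the 70-character salt is a constructed placeholder.

```python
import re

SHA512_PREFIX = "$6$"
SALT_MAX = 16                              # crypt_sha512 reads at most 16 salt chars
ROUNDS_MIN, ROUNDS_MAX = 1000, 999_999_999 # clamp range in the reference implementation
ROUNDS_DEFAULT = 5000
SALT_ALPHABET = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")


def parse_setting(setting):
    """Return (rounds, effective_salt, notes) for a $6$ setting string.

    Assumption: mirrors the reference rules, not PHP's own source.
    'rounds=N$' is optional after the prefix; the salt then runs to the
    next '$' or to 16 characters, whichever comes first.
    """
    if not setting.startswith(SHA512_PREFIX):
        raise ValueError("not a $6$ setting string")
    rest = setting[len(SHA512_PREFIX):]
    notes = []
    rounds = ROUNDS_DEFAULT
    m = re.match(r"rounds=(\d+)\$", rest)
    if m:
        rounds = max(ROUNDS_MIN, min(ROUNDS_MAX, int(m.group(1))))
        rest = rest[m.end():]
    salt = rest.split("$", 1)[0]           # the first '$' terminates the salt
    if len(salt) > SALT_MAX:
        notes.append(f"salt of {len(salt)} chars truncated to {SALT_MAX}")
        salt = salt[:SALT_MAX]
    if rest.startswith("6$"):
        notes.append("a repeated '$6$' makes the effective salt just '6'")
    return rounds, salt, notes


def make_setting(salt, rounds=ROUNDS_DEFAULT):
    """Build a well-formed setting string, rejecting salts crypt() would not take whole."""
    if not 1 <= len(salt) <= SALT_MAX:
        raise ValueError(f"salt must be 1..{SALT_MAX} characters")
    if not set(salt) <= SALT_ALPHABET:
        raise ValueError("salt must use only ./0-9A-Za-z")
    if not ROUNDS_MIN <= rounds <= ROUNDS_MAX:
        raise ValueError("rounds out of range")
    return f"{SHA512_PREFIX}rounds={rounds}${salt}$"


if __name__ == "__main__":
    salt70 = "a" * 70                      # constructed stand-in for the 70-char salt
    print(parse_setting("$6$rounds=5000$6$" + salt70 + "$"))   # OP's form: salt '6'
    print(parse_setting("$6$rounds=5000$" + salt70))           # corrected: 16 chars used
```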