I'm using this function to generate a password:
    function generarPassword($password, $cost=11){
        $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
        $salt='$'.implode('$',array("2y",str_pad($cost,2,"0",STR_PAD_LEFT),$salt));
        return crypt($password,$salt);
    }
My problem is that when I use it on a 64-bit server, the result is this:
$2y$11$1ws6drmcqHCWG8wj5bm5s.R8Opc0.JEjXy0.P9UsHjqoxjZQ5GYLW
And when I use it on a 32-bit server, the result is this:
$2uUq69/OVG3M
So, I have two questions:
$salt is the same length in both
Thanks!
CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string
PHP before 5.3.7 only support "$2a$" as the salt prefix: PHP 5.3.7
Your $salt does not meet the 22 characters from the alphabet constraint of the blowfish algorithm. You need to review your processes on generating a proper salt.
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
echo $salt.' ('.strlen($salt).')';
// example: D3Zc0fv8BBLKYnpH0iSV0w== (24)
Secondly, you are using a prefix $2y$ which is only supported after PHP 5.3.7. Both of these are concerns you need to address if you're using this code on two different systems.
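
The salt constraint and the prefix check discussed in this answer, as an added example that is not the poster's or the answerer's code: it builds a setting string with exactly 22 salt characters and rejects any crypt() result that is not a full bcrypt hash. The function names are hypothetical, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example (not the original poster's code); function names are hypothetical.
// Assumes PHP 7+ for random_bytes() and scalar type declarations.

/** Bcrypt setting string: prefix, two-digit cost, 22 chars from "./0-9A-Za-z". */
function bcryptSetting(int $cost = 11): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // base64 of 16 bytes is 24 chars ending in "=="; keep the first 22 and
    // map '+' (not in the bcrypt alphabet) to '.'.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return '$2y$' . str_pad((string) $cost, 2, '0', STR_PAD_LEFT) . '$' . $salt;
}

/** Classify a crypt() return value by shape: 'bcrypt', 'des' or 'invalid'. */
function classifyCryptOutput($out): string
{
    if (!is_string($out)) {
        return 'invalid';
    }
    if (preg_match('~^\$2[axy]\$\d{2}\$[./0-9A-Za-z]{53}$~', $out)) {
        return 'bcrypt';
    }
    // 13 characters is the shape of a traditional DES crypt() result,
    // whose first two characters are the salt.
    return strlen($out) === 13 ? 'des' : 'invalid';
}

/** Hash a password and refuse to return anything that is not bcrypt. */
function hashPassword(string $password, int $cost = 11): string
{
    $hash = crypt($password, bcryptSetting($cost));
    if (classifyCryptOutput($hash) !== 'bcrypt') {
        throw new RuntimeException('crypt() did not produce a bcrypt hash on this PHP build');
    }
    return $hash;
}

// The two results quoted in the question, run through the classifier.
$samples = ['$2y$11$1ws6drmcqHCWG8wj5bm5s.R8Opc0.JEjXy0.P9UsHjqoxjZQ5GYLW', '$2uUq69/OVG3M'];
foreach ($samples as $sample) {
    printf("%-62s %s\n", $sample, classifyCryptOutput($sample));
}
// Constructed sample password, hashed on the current build.
printf("%-62s %s\n", 'fresh hash', classifyCryptOutput(hashPassword('constructed-sample-password')));
```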