Solved thread

This post is marked as solved. If you think the information contained on this thread must be part of the official documentation, please contribute submitting a pull request to its repository.

Limit cipher size

Hi there, I wanted to use the bcrypt method from php to store passwords in the database. I have found that bcrypt has a max lenght result of 60 characters. I'm using the blowfish method of crypt phalcon, but doesnt have a maximum result size. Is there any way to fix a limit in the output(not in the input). For a 15 char input gives 72 char output...

A bcrypt hash consists of: $2$, $2a$ or $2y$ telling us the algorithm used, two digits indicating the cost parameter, then $ a 53 characters long base-64-encoded value. Total length is 59/60 chars

I don't totally understand what's the purpose. Are you explaining me the bcrypt? I know about bcrypt, but php bcrypt is based on blowfish, so I was just wondering if there's a way to fit that total lenght using the phalcon blowfish. Phalcon blowfish gave me even 350 characters Base64

A bcrypt hash consists of: $2$, $2a$ or $2y$ telling us the algorithm used, two digits indicating the cost parameter, then $ a 53 characters long base-64-encoded value. Total length is 59/60 chars

Can you please post the code that is showing you 350 characters?

I think with a code of more than 60 is enough, but you just need to increase the variable $text to reach that number or even higher.

<?php
        use Phalcon\Crypt;
        $text="textaroundfiftytwocharacterslong123456789";
        $crypt= new Crypt();
        $crypt->setCipher('blowfish');
        echo $crypt->encryptBase64($text, 'Phn6Au0S');
    ?>

Gives 77 chars: orcZ3fw+tlv2I5rfN+BLw29eX/YpM03Pjb0Et1xjcCm1fYFhCyS+/eO+FnkkeVknVzzNNerYtL8=

Can you please post the code that is showing you 350 characters?



33.6k
Accepted
answer

I thought you were generating hashes with Phalcon\Security.

Phalcon\Crypt generates two-way encrypted messages which means it requires to store every byte required to decrypt the message in its original form, so you always need more storage than the original message to store the value.

If you want to store passwords it's better to use Phalcon\Security: http://docs.phalconphp.com/en/latest/reference/security.html#password-hashing

Thankyou, is what I needed :)

I thought you were generating hashes with Phalcon\Security.

Phalcon\Crypt generates two-way encrypted messages which means it requires to store every byte required to decrypt the message in its original form, so you always need more storage than the original message to store the value.

If you want to store passwords it's better to use Phalcon\Security: http://docs.phalconphp.com/en/latest/reference/security.html#password-hashing