// This is to find what the longest a string can be and still make a unique crypt.
// I'm intentionally using the same salt each time. Otherwise, it wouldn't be a good
// test of this. :)
// This is quite intensive on some of those crypts, so you can run this on your own machine,
// or look at my results in find_max_crypt_result.html . The code is here for reference.
$maxtries = "269";
print "Testing up to $maxtries character string length
\n";
foreach (get_defined_constants() as $key => $val){
$salt = '';
if (
(strpos($key, "CRYPT_") !== FALSE) &&
($val == "1")
){
if ($key == "CRYPT_STD_DES"){
$salt = 'aa';
}elseif ($key == "CRYPT_EXT_DES"){
$salt = '_0001aaaa';
}elseif ($key == "CRYPT_MD5"){
$salt = '$1$aaaaaaaaaaaa';
}elseif ($key == "CRYPT_BLOWFISH"){
$salt = '$2a$07$aaaaaaaaaaaaaaaaaaaaaa';
}elseif ($key == "CRYPT_SHA256"){
$salt = '$5$rounds=1000$aaaaaaaaaaaaaaaa';
}elseif ($key == "CRYPT_SHA512"){
$salt = '$6$rounds=1000$aaaaaaaaaaaaaaaa';
}else{
// print "Help, I don't know what to do with Crypt $key!
\n";
// die ("Unknown crypt $key\n");
};
if ($salt){
$res = check_maxlen($salt, $maxtries);
if ($res == "unk"){
print "$key - No Maxlength Found with Salt \"$salt\"
\n";
}else{
print "$key - Maxlength $res with \"$salt\"
\n";
};
};
};
};
function check_maxlen($salt, $maxtries){
// print "Checking salt: $salt\n";
while (1){
$string .= "a";
$thislen = strlen($string);
$thiscrypt = crypt($string, $salt);
// print "$salt - $thiscrypt
\n";
if ($thislen > 1){
if ("$thiscrypt" == "$lastcrypt"){
// print "Salt: $salt - Max Usable Length " . $thislen - 1 ."
\n";
$string = "";
return($thislen - 1 );
};
// break at an arbitrary length so this doesn't run forever.
if ($thislen >= $maxtries){
// print "Salt: $salt: No max length found
\n";
return("unk");
};
};
$lastcrypt = $thiscrypt;
};
};