I'm using php's crypt() to hash passwords. I decided to go with blowfish algorithm and use salt. Salts in crypt() determine algorithm so blowfish's salt begins with $2y$xx$ where xx is cost parameter in range 4-31 (Refer to http://php.net/manual/pl/function.crypt.php). I'm also using bin2hex and openssl random generator to get random salt. As I understand it setting it higher will require more computing time and make brute-force attack longer.
My problem is that I can't get my script to work with cost parameter set over 17. When ran from the browser page is loading approx 1min and then stops with blank page. Not even echo. Why is that? How could I use 30 instead of 17? Is this a matter of my php server settings ?
Here's code:
<?php
$reps=17;
echo 'pre';
echo crypt('passwdMike',"$2y$".$reps."$".bin2hex(openssl_random_pseudo_bytes(22)));
echo 'post';
?>
Edit: I can go with higher factors from command line. 18 was under minute. 30 waiting over 10minutes now. So it's obviously too much and 12 will suffice.
