Open
Description
When PHP is built against an external libxcrypt (--with-external-libcrypt, e.g. on Fedora and derivatives), passwords passed to crypt are limited by CRYPT_MAX_PASSPHRASE_SIZE which is by default 512. However, there's no way for userland to determine whether such a limit is in force, which can cause confusion. For example, the following code:
<?php
var_dump(crypt(str_repeat("a",513),"\$2y\$05\$" . str_repeat("b",22)));
Results in this output:
string(2) "*0"
I think it would be useful to expose this limit as a constant or helper function so that applications can determine whether crypt() password sizes are limited.
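Until such a constant exists, an application can probe the behaviour at runtime and refuse to store a failure token as if it were a hash. The following is an added example, not part of the report and not a PHP API; the function names crypt_failed, crypt_rejects_length and crypt_or_fail are hypothetical.

```php
<?php
// Added example: userland checks for the crypt() length limit described above.
// All function names here are hypothetical helpers, not PHP built-ins.

/** True when crypt() returned a failure token ("*0" / "*1") instead of a hash. */
function crypt_failed(string $hash): bool
{
    // On failure crypt() returns a string shorter than 13 characters.
    return strlen($hash) < 13 || $hash[0] === '*';
}

/** Probe whether this build's crypt() rejects a passphrase of $length bytes. */
function crypt_rejects_length(int $length): bool
{
    $salt = '$2y$05$' . str_repeat('b', 22); // same setting string as in the report

    // Control: a short passphrase must hash, otherwise the probe says nothing
    // about length (bcrypt itself would be unavailable or the salt rejected).
    if (crypt_failed(crypt('a', $salt))) {
        throw new RuntimeException('control hash failed; probe is inconclusive');
    }
    return crypt_failed(crypt(str_repeat('a', $length), $salt));
}

/** crypt() wrapper that never hands a failure token back to the caller. */
function crypt_or_fail(string $password, string $salt): string
{
    $hash = crypt($password, $salt);
    if (crypt_failed($hash)) {
        throw new RuntimeException('crypt() returned a failure token');
    }
    return $hash;
}

// 513 bytes is one byte over the default limit of 512 named in the report.
var_dump(crypt_rejects_length(513));

try {
    crypt_or_fail(str_repeat('a', 513), '$2y$05$' . str_repeat('b', 22));
    echo "hashed without error\n";
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```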