I'm running a website with password hashing, but I think the current algorithm is insufficient. I tried to use PHP's crypt() with the blowfish option, but my PHP version is only 5.2 so CRYPT_BLOWFISH is not enabled.
I've seen 3rd party libraries that can encrypt via Blowfish, but none that do the full Bcrypt hashing. Is there any PHP library you know of that has bcrypt hashing without use of the crypt() function? Or, even better, any method of feeding a 3rd party blowfish encryption algorithm into a 3rd party bcrypt hashing algorithm?
Just to clarify, I am not able to install a newer version of PHP, as I'm on shared hosting.
I would really appreciate any suggestions! Thanks!
If you can install the Suhosin extension, bcrypt will work with Blowfish. (You don't need to recompile PHP, the extension is enough.)
On Ubuntu, you install it like this:
sudo apt-get install php5-suhosin
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With