Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

password_hash equivalent for php 5.4? [duplicate]

I developed my site using XAMPP with php 5.5 installed. I just realize that my host only has php 5.4 (cannot update to 5.5 yet). My problem is that I cannot use the new php 5.5 password_hash() feature. Is there an equivalent method for hashing with salt for php 5.4?

Is there a way to get this equivalent code (below) to work in php 5.4?

$options = [
  'salt' => uniqid(mt_rand(), true),
  'cost' => 12 
];
$hash = password_hash($mypassword, PASSWORD_DEFAULT, $options);
like image 835
bagofmilk Avatar asked Aug 18 '14 21:08

bagofmilk


People also ask

What is password_hash PHP?

password_hash() creates a new password hash using a strong one-way hashing algorithm. The following algorithms are currently supported: PASSWORD_DEFAULT - Use the bcrypt algorithm (default as of PHP 5.5. 0). Note that this constant is designed to change over time as new and stronger algorithms are added to PHP.

How does PHP password_hash work?

It is a one-way algorithm, in that you don't decrypt it to validate it, you simply pass the original string in with your password and if it generates the same hash for the provided password, you're authenticated. It's best to omit the salt and let it generate one for you.

How secure is password_hash PHP?

The result hash from password_hash() is secure because: It uses a strong hashing algorithm. It adds a random salt to prevent rainbow tables and dictionary attacks.

What hash algorithm is used for password authentication?

Commonly used hashing algorithms include Message Digest (MDx) algorithms, such as MD5, and Secure Hash Algorithms (SHA), such as SHA-1 and the SHA-2 family that includes the widely used SHA-256 algorithm.


1 Answers

Use password_compat. It's a backward compatible library to emulate password_hash() in older versions of PHP (5.3.7+).

like image 167
John Conde Avatar answered Oct 07 '22 10:10

John Conde