Password hashing compatible with Java and PHP

Question

Is there a secure password hashing library (e.g. phpass) or hashing method that I can easily use in both PHP and Java?

Answer 1

If you want do the easy thing, you can use sha-N with salt. (N being 1, 256 or 512)

---

Jeff Atwood did a nice blog post on that recently, saying that bcrypt and PBKDF2 are the best options.

In PHP you can use bcrypt (and in Java too)

---

Related topics:

• How do you use bcrypt for hashing passwords in PHP?

Resouces:

• Coding Horror - Speed Hashing
• Security Stack exchange - Do any security experts recommend bcrypt for password storage?

Answer 2

Any standard library such as SHA*, MD* will do. SHA>2 is recommended (e.g. SHA512).