I have a quick question for you guys:

I am tinkering with PHP (I am relatively inexperienced), and am interested in developing a secure password hashing system for use on my site. Through other articles and questions on SO, I have surmised that I should be using PHP’s crypt() function for an implementation of BSD’s bcrypt hashing algorithm.

My question to you pertains to the fact that, when I feed the function an initialization vector or password, inputs that are not base64 seem to return a “0” as the hash. Here is what I have implemented to work around this issue:

$salt = base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));

and

$password = base64_encode($password);

Is there a danger of collisions or otherwise decreased security when I change the encodings like this?

My idea was that I would like to allow users to use any range of characters for their passwords (I will enforce a good password policy) without having to worry about my hash function returning an empty hash.

Is there a more simple or elegant way to do this? Should I perhaps be using a hash function that doesn’t restrict my salt and password as much?

Thanks in advance for any help you can give me.