I have to deploy a php app for a client, but his server doesn’t support bcrypt. I have no way to change this. What should I use instead of bcrypt to hash the user’s passwords?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have to deploy a php app for a client, but his server doesn’t support bcrypt. I have no way to change this. What should I use instead of bcrypt to hash the user’s passwords?
bcrypt is ideal for password hashing because it is slow, in addition to other useful properties.
Using SHA256, or even SHA1 with an appropriate salted value should do the job quite well for most password-hashing-purposes.
—
See also: http://www.openwall.com/phpass/