Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I want to use Blowfish hashing to hash password.
crypt() does not support it in PHP versions prior to 5.3
My PHP version is 5.2.14. How can I use Blowfish hashing? Can I use PEAR’s Crypt_Blowfish instead?
PEAR’s Crypt_Blowfish is meant to stand in for PHP’s MCrypt extension – it’s a two-way encryption scheme, not for hashing. While bcrypt is based on Blowfish, it’s not the same thing. Confusingly, PHP 5.3.0’s CRYPT_BLOWFISH is a hashing algorithm.
Is there a reason why upgrading to PHP 5.3.0+ would not be possible? This isn’t something you want to try to implement yourself. If you can, phpass is a great way to do bcrypt-based password hashing securely. If you absolutely can’t upgrade, phpass falls back to older hashing schemes (but it’s still more secure than plain MD5, etc).
If for some reason you can install Suhosin but not upgrade PHP, that would add CRYPT_BLOWFISH support.
To make sure you don’t currently have CRYPT_BLOWFISH installed, try the following: