I’m working on some PHP meant to be deployed to users’ servers – likely

Question

0

Asked: June 14, 20262026-06-14T11:23:25+00:00 2026-06-14T11:23:25+00:00

I’m working on some PHP meant to be deployed to users’ servers – likely

0

I’m working on some PHP meant to be deployed to users’ servers – likely cheap/shared hosting (meaning lowest-common-denominator PHP 5.2, no modification of PHP installation). Common advice for password hashes seems to be bcrypt or scrypt, via installable extensions for PHP 5.2.

I’ve been thinking about using an iterated SHA-512 with a beefy per-user salt, but it doesn’t sound like it really compares to bcrypt/scrypt.

Without the ability to modify the base PHP installation, what options do I have for strong password security?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T11:23:26+00:00

Editorial Team

2026-06-14T11:23:26+00:00Added an answer on June 14, 2026 at 11:23 am

As mentioned in the comments to the original question, a PHP < 5.2 implementation of PBKDF2 is available at http://crackstation.net/hashing-security.htm.

PBKDF2 is arguably a better option than bcrypt/scrypt, having been much more thoroughly studied and tested.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m working on some PHP meant to be deployed to users’ servers – likely

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply