Simple bcrypt class for PHP 5.3 and above

Simple bcrypt class for PHP 5.3 and above →

June 29, 2011 ∞https://marco.org/2011/06/29/simple-php-bcrypt-class-phpass

My take on bcrypt, adapted¹ from phpass, since I learned last week that salted SHA-1 hashes aren’t secure enough anymore for password validation.

I’d love to get input from any security experts out there on whether this approach — essentially, only the CRYPT_BLOWFISH part of phpass — is sufficiently secure before I deploy it.

You might be wondering why I didn’t just use phpass. Most of its code is only necessary for legacy versions of PHP prior to 5.3, and I’d rather not have more code (and more potential vulnerabilities or shortcomings) than I need. I also wanted to modernize the code for PHP 5’s (and my own) conventions. ↩︎

Marco.org