Is there any way to use bcrypt "hashing" in PHP 5.2?

Asked 10/8, 2011 at 3:3 Answered 13/8, 2011 at 4:26

I'm running a website with password hashing, but I think the current algorithm is insufficient. I tried to use PHP's crypt() with the blowfish option, but my PHP version is only 5.2 so CRYPT_BLOWFISH is not enabled.

I've seen 3rd party libraries that can encrypt via Blowfish, but none that do the full Bcrypt hashing. Is there any PHP library you know of that has bcrypt hashing without use of the crypt() function? Or, even better, any method of feeding a 3rd party blowfish encryption algorithm into a 3rd party bcrypt hashing algorithm?

Just to clarify, I am not able to install a newer version of PHP, as I'm on shared hosting.

I would really appreciate any suggestions! Thanks!

Manifestation answered 10/8, 2011 at 3:3 Comment(4)

A good excuse to get a VPS instead of shared hosting? :) – Arbela 10/8, 2011 at 3:36

Unfortunately, not my choice; if it were, we'd have our own cluster :P – Manifestation 10/8, 2011 at 5:54

Related: #3552964 – Blepharitis 10/8, 2011 at 7:25

If I can use 3rd party blowfish encryption, tell me if this would be secure: I have a file, 1 kb of data culled from /dev/urandom. I then use blowfish to encrypt the file, using the password+a 128 bit random salt as the key. The resulting "digest" would be stored in the db, along with the salt. Would that work at all? Otherwise I might just port jBCrypt. – Manifestation 10/8, 2011 at 17:34

If you can install the Suhosin extension, bcrypt will work with Blowfish. (You don't need to recompile PHP, the extension is enough.)

On Ubuntu, you install it like this:

sudo apt-get install php5-suhosin

Jog answered 12/8, 2011 at 7:51 Comment(1)

Annoyingly, it's redhat and SSH is restricted. – Manifestation 13/8, 2011 at 4:19

Thanks everyone for your answers, but to make things easier for now I've decided to just get the PECL perl package and use Crypt:Eksblowfish.

Manifestation answered 13/8, 2011 at 4:26 Comment(0)

Recommended topics

Hot tags