Hacker News new | ask | show | jobs
by chrisguitarguy 4746 days ago
There's also a library for PHP >= 5.3.7 that provides the same API if PHP 5.5 isn't an option yet.

https://github.com/ircmaxell/password_compat

Written by Anthony Ferrara, the same guy behind the `password_*` API in PHP 5.5
1 comments
fein 4746 days ago
There's also PHPass from OpenWall:

http://www.openwall.com/phpass/

link
kijin 4746 days ago
If you use PHPass, remember to check your hashes to make sure they're actually hashed with bcrypt. PHPass falls back to a less secure algorithm if bcrypt is not available in your PHP version. Most of the CMS's that claim to use PHPass actually use the "portable" option, which is based on MD5, because they want to remain compatible with PHP versions lower than 5.3 (the first version that is guaranteed to support bcrypt).
link
chrisguitarguy 4746 days ago
> Most of the CMS's that claim to use PHPass actually use the "portable" option

This is true for WordPress, which uses PHPass. You have to replace `wp_hash_password` to get WP to use bcrypt: http://wptip.me/wordpress-bcrypt

link