6
votes

I'm running a website with password hashing, but I think the current algorithm is insufficient. I tried to use PHP's crypt() with the blowfish option, but my PHP version is only 5.2 so CRYPT_BLOWFISH is not enabled.

I've seen 3rd party libraries that can encrypt via Blowfish, but none that do the full Bcrypt hashing. Is there any PHP library you know of that has bcrypt hashing without use of the crypt() function? Or, even better, any method of feeding a 3rd party blowfish encryption algorithm into a 3rd party bcrypt hashing algorithm?

Just to clarify, I am not able to install a newer version of PHP, as I'm on shared hosting.

I would really appreciate any suggestions! Thanks!

2
A good excuse to get a VPS instead of shared hosting? :) – Dan Grossman
Unfortunately, not my choice; if it were, we'd have our own cluster :P – user887068
If I can use 3rd party blowfish encryption, tell me if this would be secure: I have a file, 1 kb of data culled from /dev/urandom. I then use blowfish to encrypt the file, using the password+a 128 bit random salt as the key. The resulting "digest" would be stored in the db, along with the salt. Would that work at all? Otherwise I might just port jBCrypt. – user887068

2 Answers

2
votes

If you can install the Suhosin extension, bcrypt will work with Blowfish. (You don't need to recompile PHP, the extension is enough.)

On Ubuntu, you install it like this:

    sudo apt-get install php5-suhosin

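One way to confirm that crypt() really produces bcrypt hashes once the extension is loaded, and to hash and verify passwords with it. This is an added example, not part of the original answer; the function names are hypothetical, and it assumes PHP 5.2 syntax, a readable /dev/urandom and the `$2a$` prefix.

```php
<?php
// Functional probe: a working bcrypt crypt() returns a 60-char string that
// keeps the "$2a$04$" prefix; without Blowfish support it returns something else.
function bcrypt_available() {
    $probe = crypt('probe', '$2a$04$' . str_repeat('.', 22));
    return is_string($probe) && strlen($probe) === 60
        && substr($probe, 0, 7) === '$2a$04$';
}

// 16 random bytes from /dev/urandom, mapped into bcrypt's 22-char salt alphabet.
function bcrypt_salt() {
    $fh = @fopen('/dev/urandom', 'rb');
    $raw = $fh ? (string) fread($fh, 16) : '';
    if ($fh) { fclose($fh); }
    if (strlen($raw) !== 16) {
        trigger_error('no usable /dev/urandom; refusing a weak salt', E_USER_ERROR);
    }
    return substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
}

function bcrypt_hash($password, $cost) {
    $hash = crypt($password, sprintf('$2a$%02d$', $cost) . bcrypt_salt());
    // A failed or unsupported call does not yield a 60-char hash.
    if (!is_string($hash) || strlen($hash) !== 60) {
        trigger_error('crypt() did not produce a bcrypt hash', E_USER_ERROR);
    }
    return $hash;
}

// Re-hash using the stored hash as the salt, then compare without early exit.
function bcrypt_verify($password, $stored) {
    $calc = crypt($password, $stored);
    if (!is_string($calc) || strlen($calc) !== 60 || strlen($stored) !== 60) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < 60; $i++) {
        $diff |= ord($calc[$i]) ^ ord($stored[$i]);
    }
    return $diff === 0;
}

if (!bcrypt_available()) {
    die("crypt() has no Blowfish support on this build\n");
}
$stored = bcrypt_hash('correct horse', 10);   // constructed sample password
var_dump(bcrypt_verify('correct horse', $stored));
var_dump(bcrypt_verify('wrong guess', $stored));
```

The probe matters because a crypt() without Blowfish support does not raise an error on a `$2a$` salt; checking the length and prefix of the result is what catches that case.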
1
votes

Thanks everyone for your answers, but to make things easier for now I've decided to just get the PECL perl package and use Crypt::Eksblowfish.