to use CRYPT_BLOWFISH on php 5.2 that doesn't support it

Question

I am running my page on PHP 5.2 that does not support CRYPT_BLOWFISH but CRYPT_MD5, and have heard that the blowfish is much more safer than md5.

Since I am not the supervisor thing, I can not upgrade PHP to a version that supports it.

Is there any hack for using CRYPT_BLOWFISH on PHP 5.2?

and,

$hash_key = crypt($something, '$2a$anySalt');

is pasting '$2a$' at the very first side correct?

quite confused.

P.s. If I use crypt() with CRYPT_BLOWFISH, will bcrypt work well in the crypt() function?

The simple answer is to get a host that uses maintained versions of PHP. 5.2 is End-Of-Life. — ircmaxell, Jul 24 '12 at 19:41

score 6 · Accepted Answer · answered Jul 24 '12 at 18:57

6

You can use PHPASS which has fallbacks to support systems that don't support CRYPT_BLOWFISH. Otherwise you can't really use bcrypt from PHP that I know of.

answered Jul 24 '12 at 18:57

Robert K

30,064
12
61
79

It should be noted that PHPass, in its portable modem, the mode that works with 5.2, will fall back to salted md5 hashes with multiple iterations. Of course, this was answered several years ago, but at this point md5 is no longer secure, anyone on PHP 5.2 needs to upgrade. – Ecksters Feb 08 '18 at 16:24
Yes, if you aren't using PHP 5.6 or newer (preferably PHP 7), you really should upgrade! The new http://php.net/password_hash method is far superior. – Robert K Feb 09 '18 at 15:07

to use CRYPT_BLOWFISH on php 5.2 that doesn't support it

1 Answers1

Linked