0

I just learned that my host provider doesn't offer bcrypt on shared hosting. They suggested that i use mcrypt but I'm not so sure how secure it is. What is the best alternative to bcrypt?

TAllen Weav
  • 3
  • 4

2 Answers2

1

This is like comparing apples and pears. Bcrypt is a key derivation function for passwords. Mcrypt is a cryptographic library.

The biggest issues with mcrypt is the lack of a good random number generator, and a lack of good examples of how to use the library. I would give a meager 5/10 for design.

If you need a PHP version of bcrypt then check these links out:

Which means you can choose bcrypt using an openssl wrapper or directly in PHP. Check your provider which is supported, and don't forget that bcrypt/scrypt deliberately use CPU cycles and/or memory accesses to slow things down. Your provider may not like that too much (depending on the traffic of course).

Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
0

Asked before here

The hash_hmac() function seems to be a reliable system to generate hashes. The hmac is not a hash function itself, it improves existing hash algorithms like sha or ripemd instead. Example of how to use:

hash_hmac('ripemd256', $dataToHash, $key);

More information to the hmac you can find in Wikipedia - HMAC.

Community
  • 1
  • 1
Phil
  • 10,948
  • 17
  • 69
  • 101
  • Ok i've heard of this before. Thanks for showing how to use it though. But I guess I should of asked if there was an alternative "one-way" encryption function, that's similar to bcrypt? – TAllen Weav Sep 06 '12 at 19:26
  • Yes, that changes the answer. Be sure to edit that in your question. – Phil Sep 06 '12 at 19:35