
OK, I finally understand bcrypt, how it works, and how to store it in the DB, so I'm almost good to go. The problem now is picking which implementation of bcrypt to use with PHP 5.3.

I'm going crazy looking at all the different solutions, and I'm not sure which one is the most recommended and safest to use, so I'm once again turning to you guys.

Here are the ones I've found:

1) https://gist.github.com/marcoarment/1053158

2) http://www.openwall.com/phpass/

3) https://stackoverflow.com/a/6337021/869849

4) ...something else?

Are these interchangeable, or do they produce different hashes? I would like to think that since they are all "bcrypt", they would yield the same results, but I'm not sure (I tested 1) and 2) above and they seem to be interchangeable since the hash produced by 1) checked out on 2)).

So which is the recommended solution for PHP 5.3?

ProgrammerGirl
  • `Are these interchangeable, or do they produce different hashes?` Why don't you load them up and try it? – nickb Mar 27 '13 at 16:20
  • Best solution: you should use the password library that is being built into PHP 5.5. They've released a backward-compatibility version for PHP 5.3 and 5.4. See [here](https://github.com/ircmaxell/password_compat). However, note that you'll need 5.3.7 or higher. There was a security issue with bcrypt prior to 5.3.7 which means that the new library won't work. – Spudley Mar 27 '13 at 16:28
  • @nickb: I meant more generally, as I actually tried `1)` and `2)` and they seem to be interchangeable as mentioned in my post above. – ProgrammerGirl Mar 27 '13 at 16:29
  • @Spudley: My PHP is under `5.3.7` unfortunately, otherwise that would have been ideal. What would you say is the next best option? – ProgrammerGirl Mar 27 '13 at 16:30
  • @Programmer - then ideally you should upgrade at once (note: I did mention there's a security issue in older versions of bcrypt). If you can't upgrade or can't use the Password_compat lib for any other reason, the next best that I would suggest is [PasswordLib](https://github.com/ircmaxell/PHP-PasswordLib), by the same author. – Spudley Mar 27 '13 at 16:32
  • @Spudley: OK, I just upgraded to PHP `5.3.22` on your advice. So how would I install the library you recommended and how would I use it to bcrypt my user's passwords? – ProgrammerGirl Mar 27 '13 at 16:43
  • @Programmer - hold on, I'll post it as an answer rather than here in the comments.... – Spudley Mar 27 '13 at 16:45
  • Also see Openwall's [PHP password hashing framework](http://www.openwall.com/phpass/) (PHPass). It's portable and hardened against a number of common attacks on user passwords. The guy who wrote the framework (SolarDesigner) is the same guy who wrote [John The Ripper](http://www.openwall.com/john/) and sits as a judge in the [Password Hashing Competition](http://password-hashing.net/). So he knows a thing or two about attacks on passwords. – jww Oct 12 '14 at 00:35

2 Answers

Best solution: you should use the password library that is being built into PHP 5.5. They've released a backward-compatibility version for PHP 5.3 and 5.4 called password_compat. However, note that you'll need 5.3.7 or higher. There was a security issue with bcrypt prior to 5.3.7 which means that the new library won't work.

If you are on a version prior to 5.3.7, then the next best option is Password Lib by the same author. But I'd suggest that upgrading PHP instead would be the better option.

Installing

Both libraries can be installed simply by downloading them, copying them to your site folder, and including their main file in your code - i.e. require('password.php');.

Installing via Composer is also an option if you are using it.

Usage (Assuming you're going with password_compat):

To create a password:

$hash = password_hash($password, PASSWORD_BCRYPT);

To verify a password:

if (password_verify($password, $hash)) {
    /* Valid */
} else {
    /* Invalid */
}

And that's basically all you need to know. The library handles all the other details for you like salting the password, etc.

[EDIT] If you need to change the algorithm 'cost', as per your comment, then add an additional parameter to the password_hash() call to specify it, like this:

password_hash($password, PASSWORD_BCRYPT, array("cost" => 11));

Full documentation is available on the download page I linked above.

The really good thing about using the password_compat library is that it is specifically designed to have the same API and functionality that is being built into PHP as standard in PHP 5.5. Therefore, if you use password_compat while you're on PHP 5.3 or 5.4, when you move to PHP 5.5 you'll already have the right code in your system to use the new built-in password functions. The only difference will be that you won't need to include the library.

Spudley
  • Thanks Spudley! What will I have to do/change when I eventually upgrade to PHP `5.5`? – ProgrammerGirl Mar 27 '13 at 17:07
  • @Programmer - It is the name of the compatibility library. Should you switch to PHP 5.5 later, you can simply remove the `require('password.php')` and you should be fine, the function in PHP 5.5 will have the same name and the same parameters. – martinstoeckli Mar 27 '13 at 17:10
  • @Programmer - I've modified the answer to make it clearer. :-) – Spudley Mar 27 '13 at 17:11
  • @Spudley: Awesome, thanks for the clarification. Last question: how do you set the number of "rounds" (e.g. 8, 12, etc.) when creating the hash? – ProgrammerGirl Mar 27 '13 at 17:13
  • @Programmer - There is already a good default value of 10, so you could simply leave it out. If you want to use another cost factor, you can write it like this `password_hash($password, PASSWORD_BCRYPT, ["cost" => 11])`. – martinstoeckli Mar 27 '13 at 17:15
  • @martinstoeckli: Thanks! I've heard that the higher the rounds/cost, the better, as long as it doesn't take too long to verify (about 1 second being reasonable during a login). So I'm thinking of going with 13 as my hardware can do it in under 1 second. – ProgrammerGirl Mar 27 '13 at 17:16
  • @martinstoeckli is correct, although note that the syntax he's used in the comment above uses short array syntax which requires PHP 5.4. (OP states he has 5.3). – Spudley Mar 27 '13 at 17:16
  • @Programmer - edited answer to include additional example, specifying the cost parameter (ie the 'rounds' feature you asked about). – Spudley Mar 27 '13 at 17:18
  • @Programmer I don't want to sound like an ass but since you're working on a "security feature" I would like to suggest you read up on documentation better; the answer to the number of rounds, how to specify the number of rounds and the time it (should) take and some more questions in the comments you posted have all been answered in the [documentation](https://github.com/ircmaxell/password_compat) and/or your [previous question](http://stackoverflow.com/q/15662729/215042). I find it rather impolite to keep asking questions that people invest time answering for you without you doing any work. – RobIII Mar 27 '13 at 17:19
  • @Programmer: Also, stating "I'm going crazy looking at all the different solutions" isn't very credible if both questions (this one and your previous one) are only 50 minutes apart. Either you don't invest a lot of effort or your bar for "going crazy" is set to a very low threshold ;-) Also, [password_compat](https://github.com/ircmaxell/password_compat) was mentioned in your [previous question](http://stackoverflow.com/q/15662729/215042) and still you didn't bother to look at it or mention it in this question?? Why? I'm just saying... – RobIII Mar 27 '13 at 17:21
  • @RobIII: I don't understand why you are chasing me around and giving me a hard time, I spent all day yesterday (not "50 minutes") researching bcrypt for the Nth time. I know very little about encryption, so I don't want to make ANY assumptions and risk doing something wrong that ends up leaving a huge security hole on my site. Please do not make assumptions about me since you don't know me or how long I've spent researching bcrypt. Thank you. – ProgrammerGirl Mar 27 '13 at 17:25
  • @Programmer I'm not "chasing" you (just happened to stumble upon this question as well as your previous question). All I'm saying is that, between the both questions, is a 50 minute timespan. In the previous question a lot was explained, [password_compat was mentioned](http://goo.gl/nquzt), and a lot (if not all) of your questions in THIS question were answered already. All I'm saying is you might need to read more carefully and try to remember other people are investing time answering your questions. Honor (respect if you will) that time by studying the answers close(r). Bygones be bygones. – RobIII Mar 27 '13 at 17:28
  • @RobIII: Understood, but based on the upvotes and the times my bcrypt-related questions today have been Favorited, I'm clearly not the only one having these doubts. Security/encryption is very tough for those of us that aren't experts in it, and the risks are tremendous, so I always prefer to ask (even if it makes me look stupid) rather than assume I understood something correctly when the stakes are this high. At any rate, thanks for your advice. – ProgrammerGirl Mar 27 '13 at 17:31
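As an added example (not code from the answer or from password_compat itself), here is the registration and login flow from the answer carried through on PHP 5.3: the cost is calibrated against the "about 1 second" budget discussed in the comments, hashes are created with long `array()` syntax (the `[]` form needs 5.4), and `password_needs_rehash()` transparently upgrades old hashes when the cost is raised later. It assumes `password.php` from password_compat is on the include path; the function names `calibrate_cost`, `make_password_hash` and `check_and_upgrade` are mine.

```php
<?php
// Added example, not from the answer: password_compat on PHP 5.3 (>= 5.3.7).
// Assumes password.php from password_compat is on the include path.
require_once 'password.php';

// Find the highest bcrypt cost that keeps one hash under the time budget.
// Run this once at deploy time on the real hardware, not on every request.
function calibrate_cost($target_seconds = 1.0, $min_cost = 10, $max_cost = 16) {
    $cost = $min_cost;
    do {
        $start = microtime(true);
        password_hash('calibration', PASSWORD_BCRYPT, array('cost' => $cost));
        if (microtime(true) - $start >= $target_seconds) {
            break;                       // this cost is already too slow
        }
        $cost++;
    } while ($cost <= $max_cost);
    return max($min_cost, $cost - 1);    // last cost that stayed under budget
}

// Registration: store only the returned string. It embeds the algorithm
// ($2y$), the cost and the salt, so no separate salt column is needed.
function make_password_hash($password, $cost) {
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    return $hash;
}

// Login: verify against the stored hash; on success, return the hash that
// should now be in the DB (re-hashed if it was made with a lower cost).
// Returns null when the password is wrong.
function check_and_upgrade($password, $stored_hash, $current_cost) {
    if (!password_verify($password, $stored_hash)) {
        return null;
    }
    $opts = array('cost' => $current_cost);
    if (password_needs_rehash($stored_hash, PASSWORD_BCRYPT, $opts)) {
        return make_password_hash($password, $current_cost); // write back to DB
    }
    return $stored_hash;
}

$cost     = calibrate_cost();
$old_hash = make_password_hash('correct horse battery staple', 10);
$new_hash = check_and_upgrade('correct horse battery staple', $old_hash, $cost);
echo "cost: $cost\nupgraded: " . ($new_hash !== $old_hash ? 'yes' : 'no') . "\n";
```

Whatever `check_and_upgrade()` returns on a successful login should replace the stored hash, so the cost can be raised over time without forcing password resets.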

If you are trying to update to PHP 5.5, please review this before migration; this manual has very interesting points that should be read prior to upgrading.

There are changes from 5.3 to 5.4; see the release notes' backward incompatibility page:

http://php.net/manual/en/migration54.incompatible.php

Yousef Altaf
  • I can find nothing on the linked page that would have any implication to the usage of `password_hash()`. – martinstoeckli Sep 28 '14 at 13:12
  • @martinstoeckli no, it's not about `password_hash()`; it's for upgrading from PHP 5.3.x to 5.5. I have the same problem and I got a solution to upgrade to PHP 5.5, so I read about upgrading on that page. – Yousef Altaf Sep 28 '14 at 13:33
  • Ok, but what does it have to do with the question then? – martinstoeckli Sep 28 '14 at 13:38
  • I was reading in the answers about this: "Best solution: you should use the password library that is being built-in for PHP 5.5. They've released a backward-compatibility version for PHP 5.3 and 5.4 called password_compat. However note that you'll need 5.3.7 or higher. There was a security issue with bcrypt prior to 5.3.7 which means that the new library won't work." So I wrote "if you are try to update to PHP 5.5 please review this before migration" for anyone planning to upgrade. That is it. – Yousef Altaf Sep 28 '14 at 13:44
  • Ah well, this security issue was fixed with the `2y` algorithm instead of `2a`, both produce BCrypt hashes. Even if you created hashes with `2a` you can verify them with PHP 5.5, so it _is_ backwards-compatible. Only with some very weird and invalid unicode passwords you could get any trouble, but even then the usage of `2a` was the best available algorithm. – martinstoeckli Sep 28 '14 at 13:54
  • Thanks @martinstoeckli for the info, but I have a problem with PHPass. I don't know if it's right or not to leave my question link here for you to see it, but anyway please review it and if you can help me with it I will be very appreciative: http://stackoverflow.com/questions/26034417/using-phpass-to-hash-password-trouble – Yousef Altaf Sep 28 '14 at 14:05
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/62068/discussion-between-yousef-altaf-and-martinstoeckli). – Yousef Altaf Sep 28 '14 at 14:38