mindplay/blowfish
, (*1)
I want Blowfish password encryption, which is currently the best available., (*2)
I also want:, (*3)
- Strong, fast entropy: mcrypt when available, fall back to dev/urandom or
mt_rand()
- Variable cost: prioritize speed vs cipher strength depending on your needs
- Ease of use and a small, simple dependency
I do not want a large, complicated password encryption framework - I feel quite
comfortable having a hard dependency on a public API consisting of two methods:, (*4)
public function hash($value): string;
public function check($value, $hash): bool;
Replacing this with something else in the future would be trivial., (*5)
You need php version 5.3.7 or newer for working Blowfish implementation - prior
versions had a broken Blowfish implementation., (*6)
Usage
Trivial:, (*7)
$service = new BlowfishService();
$password = '$up3rS3c3tp@55w0rD';
$hash = $service->hash($password); // encrypt the password
$is_valid = $service->check($password, $hash); // check the password