phpass is a framework for password hashing in PHP that can be used across different systems.
The hashing method phpass prefers, and the most secure one it supports, is the OpenBSD-style Blowfish-based bcrypt. This method is also supported by the public domain crypt_blowfish package for C applications and is known in PHP as CRYPT_BLOWFISH. When the preferred method is not available, phpass falls back to BSDI-style extended DES-based hashes (CRYPT_EXT_DES) and, as a last resort, to an MD5-based password hashing method with a variable iteration count, implemented within the framework itself.
To prevent fallbacks to the lower-security hashing methods, users can apply the PHP Hardening-Patch. This patch integrates crypt_blowfish into the PHP interpreter, making bcrypt available to PHP scripts even if the host system does not support it. Ideally, future versions of PHP will include this integration by default.
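An application can also detect a fallback itself by checking which scheme a hash actually uses. The sketch below is an added example, not code from phpass or the Hardening-Patch: it refuses to hash unless bcrypt is produced and flags stored hashes in the weaker formats for upgrade. The function names are hypothetical, and it assumes PHP 7+ and the "$2y$" bcrypt prefix.

```php
<?php
// Added example (not phpass code). Function names are hypothetical.
// Assumes PHP 7+ (random_bytes) and a crypt() that accepts the "$2y$" prefix.

// Identify the scheme of a stored hash from its prefix and length.
function classify_hash(string $hash): string
{
    if (preg_match('~^\$2[axy]\$\d\d\$[./A-Za-z0-9]{53}$~', $hash)) {
        return 'bcrypt';        // CRYPT_BLOWFISH
    }
    if (preg_match('~^_[./A-Za-z0-9]{19}$~', $hash)) {
        return 'ext-des';       // CRYPT_EXT_DES
    }
    if (preg_match('~^\$[PH]\$[./A-Za-z0-9]{31}$~', $hash)) {
        return 'portable-md5';  // phpass built-in MD5-based method
    }
    return 'unknown';
}

// Hash with bcrypt only; throw rather than fall back to a weaker method.
function hash_bcrypt_or_fail(string $password, int $cost = 10): string
{
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH != 1) {
        throw new RuntimeException('bcrypt is not available on this host');
    }
    // 16 random bytes -> 22 characters from the bcrypt salt alphabet.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$' . sprintf('%02d', $cost) . '$' . $salt);
    if (classify_hash($hash) !== 'bcrypt') {   // e.g. "*0" on an invalid cost
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

// Verify a password and report whether the stored hash should be upgraded.
// crypt() covers bcrypt and ext-DES; "$P$" hashes must be checked by phpass.
function verify_and_audit(string $password, string $stored): array
{
    $ok = hash_equals($stored, crypt($password, $stored));
    return ['valid' => $ok, 'rehash' => $ok && classify_hash($stored) !== 'bcrypt'];
}

$stored = hash_bcrypt_or_fail('constructed sample password');
var_dump(classify_hash($stored));
var_dump(verify_and_audit('constructed sample password', $stored));
var_dump(verify_and_audit('wrong password', $stored));
```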
The phpass package includes a PHP source file containing the PasswordHash PHP class, a small PHP application that demonstrates how to use the PasswordHash class, and a C re-implementation of the last-resort password hashing method, which is provided for testing purposes only.
In conclusion, phpass is a reliable and secure framework for PHP password hashing. Its compatibility with older PHP versions and support for multiple hashing methods make it a valuable tool for developers. The inclusion of a demonstration application and a testing implementation adds to its user-friendliness.
Version 0.2: N/A