NCourts

Reputation: 23

Using base64_encode when using PHP's crypt() function

I have a quick question for you guys:

I am tinkering with PHP (I am relatively inexperienced), and am interested in developing a secure password hashing system for use on my site. Through other articles and questions on SO, I have surmised that I should be using PHP's crypt() function for an implementation of BSD's bcrypt hashing algorithm.

My question to you pertains to the fact that, when I feed the function an initialization vector or password, inputs that are not base64 seem to return a "0" as the hash. Here is what I have implemented to work around this issue:

$salt = base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));

and

$password = base64_encode($password);

Is there a danger of collisions or otherwise decreased security when I change the encodings like this?

My idea was that I would like to allow users to use any range of characters for their passwords (I will enforce a good password policy) without having to worry about my hash function returning an empty hash.

Is there a more simple or elegant way to do this? Should I perhaps be using a hash function that doesn't restrict my salt and password as much?

Thanks in advance for any help you can give me.

Upvotes: 2

Views: 1024

Answers (2)

Aatch

Reputation: 1856

For hashing in PHP, I suggest using the hash function. It takes an algorithm to use, so you can throw it through sha or anything else.

As for collisions, I wouldn't worry about them; it's highly unlikely that you will get impacted by collisions.

Upvotes: 0

uzyn

Reputation: 6683

Encoding it under base64 does not increase the chance of collision as it is simply a 1-to-1 translation. It does not reduce the password haystack whatsoever.

Upvotes: 1
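
An added example (not code from either poster) for the salt and encoding questions above: it builds a bcrypt salt in the alphabet crypt() accepts, then shows that base64-encoding the password, although reversible, uses up bcrypt's 72-byte input limit after only 54 password bytes. The function names are hypothetical, and random_bytes() (PHP 7+) stands in for the question's mcrypt_create_iv().

```php
<?php
// Added example. Function names are hypothetical; random_bytes() (PHP 7+)
// replaces the question's mcrypt_create_iv().

// 16 random bytes -> 22-char bcrypt salt. bcrypt accepts only ./A-Za-z0-9,
// so base64's '+' becomes '.' and the '=' padding is cut off.
function bcrypt_salt(): string
{
    return substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
}

function hash_password(string $password, int $cost = 10): string
{
    $hash = crypt($password, sprintf('$2y$%02d$%s', $cost, bcrypt_salt()));
    if (strlen($hash) !== 60) {            // crypt() signals failure with "*0"/"*1"
        throw new RuntimeException('crypt() rejected the bcrypt setting');
    }
    return $hash;
}

function verify_password(string $password, string $hash): bool
{
    // Re-hash with the stored setting; compare in constant time.
    return hash_equals($hash, crypt($password, $hash));
}

// 1. Non-ASCII characters and punctuation in the password need no encoding;
// only the salt has a restricted alphabet.
$stored = hash_password("pässwörd with spaces & symbols <>'\"");
var_dump(verify_password("pässwörd with spaces & symbols <>'\"", $stored));

// 2. base64 is reversible, so distinct passwords stay distinct ...
$a = str_repeat('a', 54) . 'X';
$b = str_repeat('a', 54) . 'Y';
var_dump(base64_decode(base64_encode($a), true) === $a);
var_dump(base64_encode($a) !== base64_encode($b));

// 3. ... but bcrypt reads only the first 72 bytes of its input. 54 raw bytes
// already fill 72 base64 characters, so byte 55 never reaches the hash.
$raw = hash_password($a);
$enc = hash_password(base64_encode($a));
var_dump(verify_password($b, $raw));                  // raw passwords compared
var_dump(verify_password(base64_encode($b), $enc));   // encoded passwords compared
```

PHP 5.5 and later also ship password_hash() and password_verify(), which generate the salt and call bcrypt without any manual encoding.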
