Reputation: 3
Good php alternative to bcrypt encryption when it's not available?
I just learned that my host provider doesn't offer bcrypt on shared hosting. They suggested that i use mcrypt but I'm not so sure how secure it is. What is the best alternative to bcrypt?
Upvotes: 0
Views: 1497
Answers (2)
Reputation: 93948
This is like comparing apples and pears. Bcrypt is a key derivation function for passwords. Mcrypt is a cryptographic library.
The biggest issues with mcrypt is the lack of a good random number generator, and a lack of good examples of how to use the library. I would give a meager 5/10 for design.
If you need a PHP version of bcrypt then check these links out:
Which means you can choose bcrypt using an openssl wrapper or directly in PHP. Check your provider which is supported, and don't forget that bcrypt/scrypt deliberately use CPU cycles and/or memory accesses to slow things down. Your provider may not like that too much (depending on the traffic of course).
Upvotes: 1
Reputation: 11175
Asked before here
The
hash_hmac()function seems to be a reliable system to generate hashes. The hmac is not a hash function itself, it improves existing hash algorithms like sha or ripemd instead. Example of how to use:
hash_hmac('ripemd256', $dataToHash, $key);
More information to the hmac you can find in Wikipedia - HMAC.
Upvotes: 0
Related Questions
- PHP 7.4 direct replacement for mcrypt decryption
- mcrypt is deprecated, what is the alternative?
- How to migrate from sha256 encryption to bcrypt for PHP?
- Alternative to mcrypt_encrypt?
- Which implementation of bcrypt is recommended for PHP 5.3?
- Bcrypt security
- Alternatives to Mcrypt for encryption / decryption in PHP?
- What password one-way hash should I use in PHP when bcrypt is unavailable?
- How to use bcrypt with php for password authentication?
- is there a native alternative to mcrypt?