Possible Duplicate:
How do you use bcrypt for hashing passwords in PHP?
I am developing an API using PHP. My previous version of the API which I want to migrate from was build using Rails 3.
I have only one problem. The stored passwords for the users was encrypted with the below technique.
BCrypt::Engine.hash_secret(password, user.password_salt); How can I do the same in PHP (Codeigniter) so that the users can continue using their old passwords?
Thankful for all help!
I think you can use the crypt function with the blowfish algorithm: http://php.net/manual/en/function.crypt.php
Another option is to use mcrypt: http://www.php.net/manual/en/ref.mcrypt.php
Edit: example
Here's what I would do:
$hashedPassword = crypt('password', '$2a$11$abcd'); Use crypt like this:
hash = crypt(password, salt); $hashedPassword should now contain the hash.
Basically in order to use the blow fish alogrithm, the salt needs to be in this format: $2a$[2 digit cost parameter]$[22 digit alphanumeric string]
To determine if you have blowfish on yours server:
if (CRYPT_BLOWFISH == 1) { echo 'Blowfish: ' . crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$') . "\n"; } 
I'm not sure how it's done but take a look at the source for Tank Auth, it uses bcrypt. I think it's smart enough to use the built in library if it's present on the system and falls back to an included version if necessary.
