what is an alternative to password_hash() for (PHP 5 < 5.5.0)?

Question

According to manual: password_hash this function can be used for (PHP 5 >= 5.5.0)

After searching for an alternative way I found this simple function

Answer 1

For PHP versions < 5.3.7, I'd recommend:

http://www.openwall.com/phpass/

For PHP versions >= 5.3.7, use:

https://github.com/ircmaxell/password_compat

Generating your own salts takes a lot of know how, because a good, proper salt requires a lot of entropy. Generating this salt in PHP is troublesome, which is why you usually end up depending on other resources to provide this string for you, such as /dev/urandom or openssl_random_pseudo_bytes. Believe me, this isn't something you want to try yourself without serious research and consideration.

Using the new password_* API is recommended, but it can be problematic if you need to support older versions of PHP, which is where PHPass comes in. Gotta hate those $1 per month hosting plans with PHP 5.2

Answer 2

For versions of PHP > 5.3.7 but prior to 5.5.0, you can find an implementation of password_hash at https://github.com/ircmaxell/password_compat written by the same person that developed the version now implemented in PHP 5.5.0+ and deliberately intended to provide backward compatibility