phpass is a portable password hashing framework for use in PHP applications. The preferred (most secure) hashing method supported by phpass is the OpenBSD-style bcrypt (known in PHP as CRYPT_BLOWFISH), with a fallback to BSDI-style extended DES-based hashes (known in PHP as CRYPT_EXT_DES), and a last resort fallback to an MD5-based variable iteration count password hashing method implemented in phpass itself.
|Tags||Internet Web Dynamic Content CGI Tools/Libraries Security Cryptography Software Development Libraries php classes|
|Operating Systems||OS Independent|
Release Notes: The getmypid() PHP function is no longer required by the framework. phpBB3's "$H$" hash encoding prefix is now supported. An array size bug in the correctness-testing C reimplementation has been corrected.
Release Notes: The /dev/urandom read attempt has been enhanced to not trigger a custom error handler that the application might have set up.
Release Notes: The framework test program has been enhanced in numerous ways, and a minor bug which had no practical impact in the framework itself has been fixed.
No changes have been submitted for this release.