PHPackages 20steps/bricks-scrypt-password-encoder-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. 20steps/bricks-scrypt-password-encoder-bundle ActiveSymfony-bundle[Security](/categories/security) 20steps/bricks-scrypt-password-encoder-bundle ============================================= Scrypt password encoder for Symfony2 and Symfony3 v1.0.1(9y ago)0254MITPHPPHP >=5.3.3 Since Aug 28Pushed 9y ago4 watchersCompare [ Source](https://github.com/20steps/bricks-scrypt-password-encoder-bundle)[ Packagist](https://packagist.org/packages/20steps/bricks-scrypt-password-encoder-bundle)[ RSS](/packages/20steps-bricks-scrypt-password-encoder-bundle/feed)WikiDiscussions master Synced 2mo ago READMEChangelogDependencies (4)Versions (5)Used By (0) UsuScryptPasswordEncoderBundle ============================== [](#ususcryptpasswordencoderbundle) This Bundle provides a Symfony2 and Symfony3 password encoder service that uses [scrypt](http://en.wikipedia.org/wiki/Scrypt) for password encoding. [![Build Status](https://camo.githubusercontent.com/26bcaa1f4b83fd9460479f94094090863d1bbb28e9c9e7a2b4ee65b720a398a8/68747470733a2f2f7472617669732d63692e6f72672f616e647265617573752f55737553637279707450617373776f7264456e636f64657242756e646c652e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/andreausu/UsuScryptPasswordEncoderBundle) [![Latest Stable Version](https://camo.githubusercontent.com/b9e5eab95bd91979d6ba636bd4d2e44b289559769dbae534e1cdea4b4d32b4a1/68747470733a2f2f706f7365722e707567782e6f72672f7573752f7363727970742d70617373776f72642d656e636f6465722d62756e646c652f762f737461626c652e737667)](https://packagist.org/packages/usu/scrypt-password-encoder-bundle) [![Total Downloads](https://camo.githubusercontent.com/1b57be7a7b406e6c44c4682f6c15e3b6ea2d2f6146598e79c14731058195a468/68747470733a2f2f706f7365722e707567782e6f72672f7573752f7363727970742d70617373776f72642d656e636f6465722d62756e646c652f646f776e6c6f6164732e737667)](https://packagist.org/packages/usu/scrypt-password-encoder-bundle) [![License](https://camo.githubusercontent.com/7689361d155888f7e981ebe068a1d114fc1d44796d545385db70d59829fa3609/68747470733a2f2f706f7365722e707567782e6f72672f7573752f7363727970742d70617373776f72642d656e636f6465722d62756e646c652f6c6963656e73652e737667)](https://packagist.org/packages/usu/scrypt-password-encoder-bundle) Why you should use scrypt ------------------------- [](#why-you-should-use-scrypt) The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. [![KDF comparison](https://github.com/tarcieri/scrypt/raw/modern-readme/kdf-comparison.png)](https://github.com/tarcieri/scrypt/raw/modern-readme/kdf-comparison.png) The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2. [But I'm already using Bcrypt!](http://www.unlimitednovelty.com/2012/03/dont-use-bcrypt.html) Installation ------------ [](#installation) Add this to your composer.json: ``` { "require": { "usu/scrypt-password-encoder-bundle": "dev-master" } } ``` Then run: ``` $ composer update usu/scrypt-password-encoder-bundle ``` Add the bundle in `app/AppKernel.php`: ``` $bundles = array( // ... new Usu\ScryptPasswordEncoderBundle\UsuScryptPasswordEncoderBundle(), ); ``` And, finally, set the encoder in `app/config/security.yml`: ``` security: encoders: Symfony\Component\Security\Core\User\User: id: security.encoder.scrypt ``` Or, if you are using the excellent `FOSUserBundle`: ``` security: encoders: FOS\UserBundle\Model\UserInterface: id: security.encoder.scrypt ``` Configuration ------------- [](#configuration) You can change the default bundle values (shown below) by adding the following to your `config.yml` file: ``` usu_scrypt_password_encoder: cpu_cost: 2048 memory_cost: 4 parallelization_cost: 1 key_length: 64 ``` Changing any of the above parameters will result in a different key (auto updating of old passwords is not currently supported). The parameter `key_length` determines the size in bytes of the derived key; eg: a 64 bytes key will result in a 88 characters string after the automatic base64\_encode. Please refer to the [original documentation](http://framework.zend.com/manual/2.2/en/modules/zend.crypt.key.derivation.html#scrypt-adapter) for additional informnation. Testing ------- [](#testing) This bundle is fully tested with PHPUnit. Go to the root folder, install the dev dependencies with composer, and then run the phpunit test suite ``` $ composer --dev install $ ./vendor/bin/phpunit ``` License ------- [](#license) This bundle is released under the MIT license. See the complete license in the bundle: ``` Resources/meta/LICENSE ``` Acknowledgements ---------------- [](#acknowledgements) I would like to thank [elnur](https://github.com/elnur) for creating the great ElnurBlowfishPasswordEncoderBundle that inspired me to release this and [pbhogan](https://github.com/pbhogan/scrypt) from which I borrowed the "Why you should use scrypt" readme section. ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity11 Limited adoption so far Community11 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 68.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~407 days Total 4 Last Release 3423d ago Major Versions v0.1.1 → v1.0.02014-11-29 ### Community Maintainers ![](https://www.gravatar.com/avatar/b7601e5458b38b514ef7c696075cb349670c50ec0a8a1f8440b68b6df32f230a?d=identicon)[helmuthva](/maintainers/helmuthva) --- Top Contributors [![andreausu](https://avatars.githubusercontent.com/u/623986?v=4)](https://github.com/andreausu "andreausu (13 commits)")[![helmut-hoffer-von-ankershoffen](https://avatars.githubusercontent.com/u/1826050?v=4)](https://github.com/helmut-hoffer-von-ankershoffen "helmut-hoffer-von-ankershoffen (6 commits)") --- Tags symfonysecuritypasswordscryptpassword-encoder ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/20steps-bricks-scrypt-password-encoder-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/20steps-bricks-scrypt-password-encoder-bundle/health.svg)](https://phpackages.com/packages/20steps-bricks-scrypt-password-encoder-bundle) ``` ### Alternatives [usu/scrypt-password-encoder-bundle Scrypt password encoder for Symfony2 191.3k](/packages/usu-scrypt-password-encoder-bundle)[gregwar/captcha-bundle Captcha bundle 3524.7M32](/packages/gregwar-captcha-bundle)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[elnur/blowfish-password-encoder-bundle Blowfish (bcrypt) based password encoder for Symfony2 61129.6k](/packages/elnur-blowfish-password-encoder-bundle)[rezzza/security-bundle Signed requests check 1753.6k](/packages/rezzza-security-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)