PHPackages christian-riesen/password-hash-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. christian-riesen/password-hash-bundle AbandonedArchivedSymfony-bundle christian-riesen/password-hash-bundle ===================================== Custom password encoder for symfony2, using the new password hash api from php 5.5 (with fallback for 5.3 + 5.4) 1.2(13y ago)042↓100%MITPHPPHP >=5.3.7 Since Jan 30Pushed 13y ago1 watchersCompare [ Source](https://github.com/ChristianRiesen/password-hash-bundle)[ Packagist](https://packagist.org/packages/christian-riesen/password-hash-bundle)[ Docs](https://github.com/ChristianRiesen/password-hash-bundle)[ RSS](/packages/christian-riesen-password-hash-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (2)Used By (0) Password Hash Bundle ==================== [](#password-hash-bundle) Custom password encoder for symfony2, using the new password hash api from php 5.5 (with fallback for 5.3 + 5.4). Uses the [password\_compat implementation](https://github.com/ircmaxell/password_compat) by [Anthony Ferrara](http://blog.ircmaxell.com/) to provide a fallback for PHP 5.3 and 5.4. In PHP 5.5 it will ignore the fallback and use the native [password\_hash functions](http://php.net/manual/en/ref.password.php). Installation ------------ [](#installation) Use [composer](http://getcomposer.org/) and require the library in your `composer.json` ``` { "require": { "christian-riesen/password-hash-bundle": "1.*", } } ``` Update and you have this and the required library all in one package. Now update the AppKernel.php: ``` public function registerBundles() { $bundles = array( // ... new ChristianRiesen\PasswordHashBundle\PasswordHashBundle(), ); } ``` Now it's ready to be used in the `security.yml` file in `app\config` ``` security: encoders: Symfony\Component\Security\Core\User\User: id: security.encoder.passwordhash ``` If you have a different model, you can change it to that, for example, if you followed the [doctrine entity provider cookbook entry](http://symfony.com/doc/master/cookbook/security/entity_provider.html), then you get the following: ``` security: encoders: Acme\UserBundle\Entity\User: id: security.encoder.passwordhash ``` Configuration ------------- [](#configuration) Comes with one single configuration, the cost factor of bcrypt. Default is set to 15. I chose not to use the built in default value, in order to ensure that some who have less ressources can lower ir, or those who have higher security needs can up it. Even if this value is changed, the system can still read the old passwords without a problem as the cost factor is part of the saved portion. To alter the default add this to your `config.yml`: ``` cr_passwordhash: cost: 5 ``` Note: The cost has to be an integer between 4 and 31. Storage ------- [](#storage) However you store the password hash you will need always 60 bytes for it. The hash will never be shorter but always exactly this length. Make certain you can store it properly, as it has may contain characters that might cause troubles with hand made queries. The salt is included in the password hash, so no need for an extra field there. Testing ------- [](#testing) To run the tests you have to install the dev requirements via `composer install --dev` in order for them to run through. The symfony security component is needed to make it run cleanly (for interfaces and one abstract class). ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 4850d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f90b3d9868621aaf99f00b4cf21156dd22ecd265bf5b5cb406f21cbd62f5a63f?d=identicon)[ChristianRiesen](/maintainers/ChristianRiesen) --- Top Contributors [![ChristianRiesen](https://avatars.githubusercontent.com/u/1446701?v=4)](https://github.com/ChristianRiesen "ChristianRiesen (12 commits)") --- Tags passwordSymfony2bcryptpassword hashphp5.5 ### Embed Badge ![Health badge](/badges/christian-riesen-password-hash-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/christian-riesen-password-hash-bundle/health.svg)](https://phpackages.com/packages/christian-riesen-password-hash-bundle) ``` ### Alternatives [nette/utils 🛠 Nette Utils: lightweight utilities for string & array manipulation, image handling, safe JSON encoding/decoding, validation, slug or strong password generating etc. 2.1k394.3M1.5k](/packages/nette-utils)[ircmaxell/password-compat A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password\_hash 2.1k56.8M122](/packages/ircmaxell-password-compat)[symfony/password-hasher Provides password hashing utilities 813137.2M91](/packages/symfony-password-hasher)[behat/mink-browserkit-driver Symfony2 BrowserKit driver for Mink framework 54462.0M318](/packages/behat-mink-browserkit-driver)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[jeremykendall/password-validator Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords. 14469.9k3](/packages/jeremykendall-password-validator) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)