PHPackages christian-riesen/password-hash-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. christian-riesen/password-hash-bundle AbandonedArchivedSymfony-bundle[Authentication & Authorization](/categories/authentication) christian-riesen/password-hash-bundle ===================================== Custom password encoder for symfony2, using the new password hash api from php 5.5 (with fallback for 5.3 + 5.4) 1.2(13y ago)055MITPHPPHP >=5.3.7 Since Jan 30Pushed 13y ago1 watchersCompare [ Source](https://github.com/ChristianRiesen/password-hash-bundle)[ Packagist](https://packagist.org/packages/christian-riesen/password-hash-bundle)[ Docs](https://github.com/ChristianRiesen/password-hash-bundle)[ RSS](/packages/christian-riesen-password-hash-bundle/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (2)Versions (2)Used By (0) Password Hash Bundle ==================== [](#password-hash-bundle) Custom password encoder for symfony2, using the new password hash api from php 5.5 (with fallback for 5.3 + 5.4). Uses the [password\_compat implementation](https://github.com/ircmaxell/password_compat) by [Anthony Ferrara](http://blog.ircmaxell.com/) to provide a fallback for PHP 5.3 and 5.4. In PHP 5.5 it will ignore the fallback and use the native [password\_hash functions](http://php.net/manual/en/ref.password.php). Installation ------------ [](#installation) Use [composer](http://getcomposer.org/) and require the library in your `composer.json` ``` { "require": { "christian-riesen/password-hash-bundle": "1.*", } } ``` Update and you have this and the required library all in one package. Now update the AppKernel.php: ``` public function registerBundles() { $bundles = array( // ... new ChristianRiesen\PasswordHashBundle\PasswordHashBundle(), ); } ``` Now it's ready to be used in the `security.yml` file in `app\config` ``` security: encoders: Symfony\Component\Security\Core\User\User: id: security.encoder.passwordhash ``` If you have a different model, you can change it to that, for example, if you followed the [doctrine entity provider cookbook entry](http://symfony.com/doc/master/cookbook/security/entity_provider.html), then you get the following: ``` security: encoders: Acme\UserBundle\Entity\User: id: security.encoder.passwordhash ``` Configuration ------------- [](#configuration) Comes with one single configuration, the cost factor of bcrypt. Default is set to 15. I chose not to use the built in default value, in order to ensure that some who have less ressources can lower ir, or those who have higher security needs can up it. Even if this value is changed, the system can still read the old passwords without a problem as the cost factor is part of the saved portion. To alter the default add this to your `config.yml`: ``` cr_passwordhash: cost: 5 ``` Note: The cost has to be an integer between 4 and 31. Storage ------- [](#storage) However you store the password hash you will need always 60 bytes for it. The hash will never be shorter but always exactly this length. Make certain you can store it properly, as it has may contain characters that might cause troubles with hand made queries. The salt is included in the password hash, so no need for an extra field there. Testing ------- [](#testing) To run the tests you have to install the dev requirements via `composer install --dev` in order for them to run through. The symfony security component is needed to make it run cleanly (for interfaces and one abstract class). ### Health Score 26 — LowBetter than 41% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity8 Limited adoption so far Community7 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 4895d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f90b3d9868621aaf99f00b4cf21156dd22ecd265bf5b5cb406f21cbd62f5a63f?d=identicon)[ChristianRiesen](/maintainers/ChristianRiesen) --- Top Contributors [![ChristianRiesen](https://avatars.githubusercontent.com/u/1446701?v=4)](https://github.com/ChristianRiesen "ChristianRiesen (12 commits)") --- Tags passwordSymfony2bcryptpassword hashphp5.5 ### Embed Badge ![Health badge](/badges/christian-riesen-password-hash-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/christian-riesen-password-hash-bundle/health.svg)](https://phpackages.com/packages/christian-riesen-password-hash-bundle) ``` ### Alternatives [paragonie/halite High-level cryptography interface powered by libsodium 1.2k10.2M76](/packages/paragonie-halite)[phpnode/yiipassword Password strategies for the Yii PHP framework. 75190.4k3](/packages/phpnode-yiipassword)[kartik-v/yii2-password Useful password strength validation utilities for Yii Framework 2.0 761.2M17](/packages/kartik-v-yii2-password)[gfreeau/get-jwt-bundle This Symfony bundle provides a security listener to return a JWT 86592.7k3](/packages/gfreeau-get-jwt-bundle)[ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 121242.9k1](/packages/ellaisys-aws-cognito)[jeremykendall/password-validator Password Validator validates password\_hash generated passwords, rehashes passwords as necessary, and will upgrade legacy passwords. 14270.3k3](/packages/jeremykendall-password-validator) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)