PHPackages                             elnur/blowfish-password-encoder-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. elnur/blowfish-password-encoder-bundle

ActiveSymfony-bundle[Security](/categories/security)

elnur/blowfish-password-encoder-bundle
======================================

Blowfish (bcrypt) based password encoder for Symfony2

0.5.0(12y ago)62129.6k7MITPHPPHP &gt;=5.3.2

Since Apr 15Pushed 12y ago1 watchersCompare

[ Source](https://github.com/elnur/ElnurBlowfishPasswordEncoderBundle)[ Packagist](https://packagist.org/packages/elnur/blowfish-password-encoder-bundle)[ RSS](/packages/elnur-blowfish-password-encoder-bundle/feed)WikiDiscussions master Synced today

READMEChangelogDependencies (4)Versions (4)Used By (0)

ElnurBlowfishPasswordEncoderBundle
==================================

[](#elnurblowfishpasswordencoderbundle)

[![Build Status](https://camo.githubusercontent.com/5b1f8948afbf6a86a032a2b9651cfa323972fb3053022faf60401784a812b4eb/68747470733a2f2f7365637572652e7472617669732d63692e6f72672f656c6e75722f456c6e7572426c6f776669736850617373776f7264456e636f64657242756e646c652e706e67)](http://travis-ci.org/elnur/ElnurBlowfishPasswordEncoderBundle)

Still using `MD5` or `SHA` family hashing algorithms for password “encryption”? If you are, read [this](http://codahale.com/how-to-safely-store-a-password) and [that](http://yorickpeterse.com/articles/use-bcrypt-fool) and then come back to get yourself a copy of this bundle.

> The [BCrypt password encoder](http://symfony.com/doc/current/reference/configuration/security.html#using-the-bcrypt-password-encoder) has been added to the Symfony core in 2.2 and has been improved to the level of this bundle and beyond in 2.3. So, if you're using Symfony 2.3+, consider using the encoder from the core instead of this bundle.

Installation
------------

[](#installation)

1. Add this to the `composer.json`:

    ```
    {
        "require": {
            "elnur/blowfish-password-encoder-bundle": "~0.5"
        }
    }

    ```

    And run:

    ```
    php composer.phar update elnur/blowfish-password-encoder-bundle

    ```
2. Enable the bundle in `app/AppKernel.php`:

    ```
    public function registerBundles()
    {
        $bundles = array(
            // ...
            new Elnur\BlowfishPasswordEncoderBundle\ElnurBlowfishPasswordEncoderBundle(),
        );
    }

    ```
3. And, finally, set the encoder in `app/config/security.yml`:

    ```
    security:
        encoders:
            Symfony\Component\Security\Core\User\User:
                id: security.encoder.blowfish

    ```

Configuration
-------------

[](#configuration)

By default the encoder uses a cost factor of `15`, which is pretty reasonable, but you can change it to a different value in the range of `4-31` by editing the `config.yml` file:

```
elnur_blowfish_password_encoder:
    cost: 10

```

Each increment of the cost *doubles* the time it takes to encode a password.

You can change the cost factor at *any time* — even if you already have some passwords encoded using a different cost factor. New passwords will be encoded using the new cost factor, while the already encoded ones will be validated using a cost factor that was used back when they were encoded.

Usage
-----

[](#usage)

A salt for each new password is generated automatically and need not be persisted. Since an encoded password contains the salt used to encode it, persisting the encoded password alone is enough.

All the encoded passwords are `60` characters long, so make sure to allocate enough space for them to be persisted.

License
-------

[](#license)

This bundle is under the MIT license. See the complete license in the bundle:

```
Resources/meta/LICENSE

```

Acknowledgements
----------------

[](#acknowledgements)

I thank [asm89](https://github.com/asm89) for enlightening me by giving the links you see above and answering my other related questions on the `#symfony`channel.

And I thank [dustin10](https://github.com/dustin10) for suggesting to add the extension class to make the bundle easier to install and configure.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity38

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 89.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~278 days

Total

3

Last Release

4636d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/821060?v=4)[Elnur Abdurrakhimov](/maintainers/elnur)[@elnur](https://github.com/elnur)

---

Top Contributors

[![elnur](https://avatars.githubusercontent.com/u/821060?v=4)](https://github.com/elnur "elnur (17 commits)")[![carbocation](https://avatars.githubusercontent.com/u/218804?v=4)](https://github.com/carbocation "carbocation (1 commits)")[![shieldo](https://avatars.githubusercontent.com/u/97280?v=4)](https://github.com/shieldo "shieldo (1 commits)")

---

Tags

securityblowfishbcryptpassword-encoder

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/elnur-blowfish-password-encoder-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/elnur-blowfish-password-encoder-bundle/health.svg)](https://phpackages.com/packages/elnur-blowfish-password-encoder-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M388](/packages/easycorp-easyadmin-bundle)[rcsofttech/audit-trail-bundle

Enterprise-grade, high-performance Symfony audit trail bundle. Automatically track Doctrine entity changes with split-phase architecture, multiple transports (HTTP, Queue, Doctrine), and sensitive data masking.

1189.8k](/packages/rcsofttech-audit-trail-bundle)[prestashop/prestashop

PrestaShop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers.

9.1k17.8k](/packages/prestashop-prestashop)[kimai/kimai

Kimai - Time Tracking

4.8k9.0k1](/packages/kimai-kimai)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

515100.5k3](/packages/web-auth-webauthn-framework)[2lenet/crudit-bundle

The easy like Crud'it Bundle.

1616.4k14](/packages/2lenet-crudit-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
