PHPackages                             yarri/my-blowfish - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. yarri/my-blowfish

ActiveLibrary[Security](/categories/security)

yarri/my-blowfish
=================

Simple class for passwords hashing and checking using Blowfish algorithm

v1.4.2(3mo ago)140.2k—2.7%2MITPHPPHP &gt;=5.3.0CI passing

Since Aug 30Pushed 3mo ago1 watchersCompare

[ Source](https://github.com/yarri/MyBlowfish)[ Packagist](https://packagist.org/packages/yarri/my-blowfish)[ Docs](https://github.com/yarri/MyBlowfish)[ RSS](/packages/yarri-my-blowfish/feed)WikiDiscussions master Synced 2d ago

READMEChangelog (1)Dependencies (2)Versions (10)Used By (2)

MyBlowfish
==========

[](#myblowfish)

[![Tests](https://github.com/yarri/MyBlowfish/actions/workflows/tests.yml/badge.svg)](https://github.com/yarri/MyBlowfish/actions/workflows/tests.yml)[![Downloads](https://camo.githubusercontent.com/e23007720ad2deac39d822f3f9e466e9fd351f17a877042af3b62389186da318/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f79617272692f6d792d626c6f77666973682e737667)](https://packagist.org/packages/yarri/my-blowfish)[![Codacy Badge](https://camo.githubusercontent.com/76bb27696df74bcd5363ac290bee9479b66d3f814e2c3e8fd8de6f6949c98f5b/68747470733a2f2f6170702e636f646163792e636f6d2f70726f6a6563742f62616467652f47726164652f3637666432333461316231323430646361663334306562383933386535373538)](https://www.codacy.com/gh/yarri/MyBlowfish/dashboard?utm_source=github.com&utm_medium=referral&utm_content=yarri/MyBlowfish&utm_campaign=Badge_Grade)

MyBlowfish is a simple PHP class for password hashing and checking using the Blowfish (bcrypt) algorithm.

It was originally developed for [ATK14 Framework](http://www.atk14.net/), but it can be used in any application.

- [Installation](#installation)
- [Basic usage](#basic-usage)
- [Blowfish rounds](#blowfish-rounds)
- [Blowfish hash prefixes](#blowfish-hash-prefixes)
- [A popular integration into an ATK14 project](#a-popular-integration-into-an-atk14-project)
- [Testing](#testing)
- [License](#license)

Installation
------------

[](#installation)

```
composer require yarri/my-blowfish
```

Basic usage
-----------

[](#basic-usage)

```
$password = "honeyBump";
MyBlowfish::IsHash($password); // false

$hash = MyBlowfish::Filter($password);
MyBlowfish::IsHash($hash); // true

// A different salt is used automatically in another call of Filter().
// So the new hash from the same password differs from the old one.
$hash2 = MyBlowfish::Filter($password); // $hash2 !== $hash

// Filter() doesn't make hash from a hash!
$hash3 = MyBlowfish::Filter($hash); // $hash3 === $hash

// There is also method GetHash() which makes hash in every case.
$hash4 = MyBlowfish::GetHash($hash); // $hash4 !== $hash

MyBlowfish::CheckPassword($password, $hash);     // true
MyBlowfish::CheckPassword("badTry", $hash);      // false
MyBlowfish::CheckPassword($hash, $hash);         // false

MyBlowfish::CheckPassword($password, $hash2);    // true

MyBlowfish::CheckPassword($password, $hash4);    // false
MyBlowfish::CheckPassword($hash, $hash4);        // true

MyBlowfish::CheckPassword($password, $password); // false; 2nd param is not a blowfish hash
```

Blowfish rounds
---------------

[](#blowfish-rounds)

The complexity of a Blowfish hash calculation can be affected by the number of rounds. The higher the value, the more time-consuming the password cracking process becomes. The default value in MyBlowfish is 12.

The number of rounds can be set by the constant `MY_BLOWFISH_ROUNDS`:

```
// min     .. 4
// max     .. 31
// optimal .. 10, 11, 12
// default .. 12
define('MY_BLOWFISH_ROUNDS', 12);
```

Beware that high values of Blowfish rounds may lead to unacceptably long hash calculation times.

Blowfish hash prefixes
----------------------

[](#blowfish-hash-prefixes)

Blowfish hashes are prefixed with either `$2a$`, `$2b$` or `$2y$`. MyBlowfish can handle all of them.

The default prefix is `$2y$`, which is the recommended modern variant — it fixes a bug present in the original `$2a$` implementation.

The default prefix can be changed via the constant `MY_BLOWFISH_PREFIX`:

```
// default .. '$2y$'
define('MY_BLOWFISH_PREFIX', '$2b$');
```

A popular integration into an ATK14 project
-------------------------------------------

[](#a-popular-integration-into-an-atk14-project)

Consider a table `users` which has among other fields `login` and `password`. Passwords should never be stored in plain text — only as Blowfish hashes. This can be achieved transparently in the model class `User`:

```
