luisinder/blowfish-lib

Simple helper library for hashing and verifying passwords using Blowfish (bcrypt).

Maintainers

Details

github.com/luisinder/blowfish-lib

Homepage

Source

Issues

Installs: 174

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 0

Open Issues: 0

1.0.0 2025-08-10 16:04 UTC

Requires

  • php: >=7.4

Requires (Dev)

MIT 448902d059f9d3fd40d4ff34387a00327e148d6d

  • Luis Cajigas

passwordhashblowfishbcrypt

This package is auto-updated.

Last update: 2025-08-10 16:05:32 UTC

README

Simple helper library for hashing and verifying passwords using the Blowfish (bcrypt) algorithm in PHP.

โœจ Features

  • Secure password hashing via password_hash() (bcrypt)
  • Password verification helper
  • Configurable cost factor
  • Backwards-compatible method names (crypt_blowfish, checkPassword) retained

๐Ÿ“ฆ Installation

Via Composer (recommended):

composer require luisinder/blowfish-lib

Or clone/download and include the file manually:

require_once __DIR__ . '/src/blowFish.php';

โœ… Requirements

  • PHP >= 7.4

๐Ÿš€ Usage

require_once __DIR__ . '/vendor/autoload.php';

$bf = new BlowFish(12); // cost factor 12

$hash = $bf->hashPassword('My$ecretP@ss');

if ($bf->verifyPassword('My$ecretP@ss', $hash)) {
	echo "Password valid"; 
} else {
	echo "Invalid password";
}

Backwards Compatibility

Older code using:

$bf->crypt_blowfish($password);
$bf->checkPassword($plain, $hash);

โ€ฆwill still function, but you should migrate to:

$bf->hashPassword($password);
$bf->verifyPassword($plain, $hash);

An internal class_alias keeps the legacy lowercase blowFish class name available.

Rehashing Strategy

You can detect when to upgrade stored hashes to a higher cost:

$bf = new BlowFish(10);
$hash = $bf->hashPassword('secret');

// Later increase cost
$bfStronger = new BlowFish(12);
if ($bfStronger->needsRehash($hash)) {
	$hash = $bfStronger->hashPassword('secret');
}

โš™๏ธ Cost Factor Guidance

Typical values: 10โ€“14. Higher = more secure but slower. Benchmark in your environment aiming for ~100ms or less per hash for interactive logins.

๐Ÿ”’ Security Notes

  • Do NOT store plain passwords.
  • Always use password_verify() (wrapped by verifyPassword).
  • Rotate the cost upwards over time; you can rehash existing hashes with password_needs_rehash() externally if desired (not included to keep this helper minimal).

๐Ÿ“„ License

MIT. See LICENSE.

๐Ÿงพ Changelog

See CHANGELOG.md for notable changes.

๐Ÿค Contributing

Issues and pull requests are welcome. Please include a clear description and if possible a test snippet to reproduce or validate the change.

๐Ÿงช Example Script

Run the included example after install:

composer run example

๐Ÿงช Tests

Install dev dependencies and run PHPUnit:

composer install
composer test

๐Ÿ›  Continuous Integration

GitHub Actions workflow runs the test suite on PHP 7.4โ€“8.3. See .github/workflows/ci.yml.

Author

Luis Cajigas

Enjoy and stay secure!