The Bcrypt plugin is a secure and lightweight password hashing library.

Namespace: \
File location: lib/bcrypt.php

Notice: This plugin uses BLOWFISH to hash your passwords, which needs at least PHP version 5.3.7. Keep in mind to implement alternative hashing methods, if you aim to support lower versions as well (F3 itself just needs PHP 5.3.3).


$crypt = \Bcrypt::instance();


Generate bcrypt hash of string

string|FALSE hash ( string $pw [, string $salt = NULL [, int $cost = 10 ]] )

If provided, the $salt parameter must be at least 22 alphanumeric characters.

The $cost parameter triggers the iteration count for the underlying Blowfish-based hashing algorithmeter and must be in range 04-31.


Check if password is still strong enough

bool needs_rehash ( string $hash [, int $cost = 10 ] )

If you decide to move to stronger passwords, you can check if the password hash will meet that $cost requirement. In case it's too weak, you could inform the user to choose a stronger one.


Verify password against hash using timing attack resistant approach

bool verify ( string $pw, string $hash )