A little guideline on how to use the PHP 5.5 password hashing functions and their "library plugin" based PHP 5.3 & 5.4 implementation - normai/php-login-xdb GitHub Wiki

This script uses the password hashing functions that will come with the new PHP 5.5. To let PHP 5.3 and 5.4 use those functions too, their creators have written a simple one-file library that emulates them in PHP 5.3 / 5.4. If you want to know more, please look here.

As those functions are VERY new (PHP 5.5 is not even released as I write these lines), they are not documented very well on the web. To make clear what happens here, and what exactly they do, expect and return, please have a look at this little piece of code: https://gist.github.com/panique/5658534

LONG VERSION: In PHP 5.5, there will be 4 new and very nice functions that handle password hashing, password verifying and password rehashing in a very smooth, clear and standardized way: password_hash(), password_verify(), password_needs_rehash() and password_get_info(). According to some good sources and several benchmarks, this seems to be the best, cleanest and most secure way to handle passwords currently and in the near future. Those functions also make the so-called cost factor very easy to use: as time goes by and server power (and password cracking equipment!) becomes stronger, you'll be able to increase the cost factor, making your password hashing more CPU-intensive and more secure. Old password hashes will be rehashed in a seamless and easy way. It's definitely a future-proof technology.

In PHP 5.3 and 5.4 those functions are not available. So the creators of those new PHP core functions have also written a simple PHP library (just one small file) that emulates those functions and makes them available in PHP 5.3 and 5.4.
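The hash, verify and rehash-on-login flow described above, as an added example that is not code from this project or from the compatibility library. The function names `register_user()` and `login_user()`, the in-memory `$users` array, the sample account and the include path in the comment are assumptions made for illustration.

```php
<?php
// Added example; not code from php-login or from the compatibility library.
// On PHP 5.3 / 5.4, load the one-file library first (include path is an assumption):
// require_once 'lib/password.php';

// Store a new user's hash. $users is a constructed in-memory stand-in for a database.
function register_user(array &$users, $name, $password, $cost)
{
    // PASSWORD_BCRYPT is named explicitly because 'cost' is a bcrypt option.
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => $cost));
    if ($hash === false) {
        throw new RuntimeException('password_hash() failed');
    }
    $users[$name] = $hash; // salt, algorithm and cost are all encoded in this one string
}

// Verify a login and upgrade the stored hash if it was made with an outdated cost.
function login_user(array &$users, $name, $password, $currentCost)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // Rehashing is only possible here, at a successful login, because this is
    // the only moment the plaintext password is available.
    $options = array('cost' => $currentCost);
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, $options)) {
        $newHash = password_hash($password, PASSWORD_BCRYPT, $options);
        if ($newHash !== false) {
            $users[$name] = $newHash;
        }
    }
    return true;
}

// Constructed sample data: an account created at cost 10, policy later raised to 12.
$users = array();
register_user($users, 'alice', 'correct horse battery staple', 10);
$before = password_get_info($users['alice']);

var_dump(login_user($users, 'alice', 'wrong password', 12));
var_dump(login_user($users, 'alice', 'correct horse battery staple', 12));

$after = password_get_info($users['alice']);
echo 'cost before: ', $before['options']['cost'], ', after: ', $after['options']['cost'], "\n";
```

A failed login never touches the stored hash; only a successful verification with the plaintext in hand can trigger the upgrade to the new cost.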

Consequently: let's implement this one-file library, and maybe add some comments and additional error handling. This will be a big step forward and will clearly finish the discussion about hashing/salting and security.

The "official" PHP password compatibility library: here. We only need the file /lib/password.php!

Official introduction (but very trivial if you ask me): here.

Better introduction (in German, but the code is in English): here.