Feature Request: bcrypt

[sajanp]

A library for using bcrypt would be absolutely awesome.

The encryption library for the current developement version is certainly much improved over the one in 2.1.3, but is still missing a way to use bcrypt.

I realize there's quite a few things to get around considering PHP does not do bcrypt out of the box, but certainly something to look into.

I'll have a crack at it on my own in a bit. Personally, I think using sha512 for password hashing is sufficient (which has a 'CodeIgniter way' of doing it in the current dev), but having bcrypt available for use easily through CI would be great.

[AkenRoberts]

Bcrypt is available through PHP's crypt() function, if your server supports it.

Might be worth putting something together that wraps PHP's upcoming password hashing functions: http://us1.php.net/manual/en/function.password-hash.php Any other thoughts?

[dwightwatson]

Not sure how that would work with CodeIgniter remaining compatible with PHP 5.2+, those new functions are due in 5.5. I think the implementation of PHPass into the core would be a feasible solution.

Alternatively, you could use a third-party library that wraps PHPass to get bcrypt in CodeIgniter, much like my own: https://github.com/dwightwatson/codeigniter-bcrypt. I still think this would be great in the core though.

[AkenRoberts]

I don't see a third party library ever being a part of the core. Adding compatible wrappers for the upcoming password functions would allow comparable functionality until those functions become standard. Then, when they are standard, CI's code is still intact and applications don't require updating. Just an idea to add to a suggestion involving encryption.

[sajanp]

What about implementing crypt(), but have CI throw an error if it's not available. Meaning, some checks would need to be done when the library is loaded.

[narfbg]

PHP 5.3.7+: 3fd1b384273b7b6d56950bbad3e1fac18f5f82e4