Since PHP 5.5, the answer has been:<p><pre><code> $hash = password_hash($password, PASSWORD_BCRYPT)
</code></pre>
and<p><pre><code> password_verify($password, $hash)
</code></pre>
These are a part of the PHP standard library and should be available in any PHP installation >= 5.5: <a href="https://secure.php.net/manual/en/function.password-hash.php" rel="nofollow">https://secure.php.net/manual/en/function.password-hash.php</a><p>If you're stuck with an older version of PHP, you should try to upgrade it. If you really really can't, the answer gets more complicated, but you can still store and compare a bcrypt'd hash.