Edward Z. Yang wrote:
I would recommend rolling a pure-PHP implementation of
SHA-256 and
siwtching to the hash implementation if it is present.
New crypto implementations often have far more security issues than the
primitives they're implementing. Despite the known attacks on SHA-1,
it's perfectly fine for password hashing, and it doesn't require
external libraries. Use it, be merry.
--
Ivan Krstić <krstic(a)solarsail.hcs.harvard.edu> | GPG: 0x147C722D