PHP 5.5 to implement New Password Hashing API

PHP 5.5 is the latest open source platform that might revolutionize the way web applications are created. PHP 5.5 release is already being planned. The release manager was chosen for some of the advanced features that have been decided and the release date is predetermined. This is one of the crucial topics discussed by all those looking forward for creative applications development including mobile apps as well. We have experienced PHP developers with us who are capable of creating best performing applications with maximum features included.

PHP 5.4 was the current version that released for vivid use just four months ago, so it obviously a bit too early to glance at the next PHP version. Having a quick review of what PHP 5.5 might look like will prove to be crucial for you in this regard.

However, PHP 5.5 is still in an early development stage, so nobody is aware of how the end result will look like. All we are explaining here are the probable consequences. We are totally sure that not all of the things listed below will go into PHP 5.5, or at least not in their current form.

The list of latest features / proposals is indeed huge and not determined by importance. So if you don’t want to read through all of it, here are the four features we are selectively providing for your quick reference.

  • A simple API for password hashing
  • Scalar typehinting
  • Getters and setters
  • Generators

Backwards compatibility breaks

Let us begin with two changes that already landed in master and represent BC breaks (to some degree at least):

Windows XP and 2003 not supported anymore

PHP 5.5 will no longer support Windows XP and 2003. Those systems are around a decade old, so PHP is pulling the plug on them.

/e modifier deprecated

Status: landed; Responsible: personal

The e modifier explains the preg_replace function to estimate the replacement string as PHP code ahead of just doing a common string replacement. Interestingly, this behavior is a constant source of concerns and security issues. That’s why use of this modifier will throw a deprecation warning as of PHP 5.5. As a replacement you should use the preg_replace_callback function. You can obtain additional details on this change in the relevant RFC.

Function and class additions

It is necessary to glance at some the planned function and class additions:


Status: landed; Responsible: Jille Timmermans

PHP already implements the strval, intval and floatval functions. To be consistent the boolval function is now added, too. It does exactly the same thing as a (bool) cast, but can be used as a callback function.


Status: landed; Responsible: Anthony Ferrara

PBKDF2 stands for “Password-Based Key Derivation Function 2” and is - as the name already says - an algorithm for deriving a cryptographic key from a password. This is required for encryption algorithms, but can also be used for password hashing. For a more extensive description and usage examples see the RFC.

Intl additions

Status: landed; Responsible: Gustavo André dos Santos Lopes

There have been many improvements to the intl extension. E.g. there will be new IntlCalendar, IntlGregorianCalendar, IntlTimeZone, IntlBreakIterator, IntlRuleBasedBreakIterator, IntlCodePointBreakIterator classes. We sadly don’t know much about the intl extension, so we will just direct you to the mailing list announcements for Calendar and BreakIterator, if you want to know more.

Our experienced PHP developers are capable of using all the features in order to provide you best performing applications with latest features included.

You can share this post!