
PHP Bcrypt hashing


I want to use Blowfish hashing to hash passwords.

crypt() does not support it in PHP versions prior to 5.3.

My PHP version is 5.2.14. How can I use Blowfish hashing? Can I use PEAR's Crypt_Blowfish instead?


Solution

  • PEAR's Crypt_Blowfish is meant to stand in for PHP's MCrypt extension - it's a two-way encryption scheme, not for hashing. While bcrypt is based on Blowfish, it's not the same thing. Confusingly, PHP 5.3.0's CRYPT_BLOWFISH is a hashing algorithm.

    Is there a reason why upgrading to PHP 5.3.0+ would not be possible? This isn't something you want to try to implement yourself. If you can, phpass is a great way to do bcrypt-based password hashing securely. If you absolutely can't upgrade, phpass falls back to older hashing schemes (but it's still more secure than plain MD5, etc).

    If for some reason you can install Suhosin but not upgrade PHP, that would add CRYPT_BLOWFISH support.

    To make sure you don't currently have CRYPT_BLOWFISH installed, try the following:

     echo (CRYPT_BLOWFISH === 1) ? 'CRYPT_BLOWFISH is enabled!' : 'CRYPT_BLOWFISH is not available';
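
Once the check above reports that CRYPT_BLOWFISH is enabled, bcrypt hashing through crypt() can look like the following added example, which is not part of the original answer. The helper names `bcrypt_salt`, `bcrypt_hash` and `bcrypt_verify` are hypothetical, the sample password is constructed, and the code assumes PHP 5.3.0+ with the OpenSSL extension loaded for random bytes.

```php
<?php
// Added example; helper names are hypothetical, not from any library.
function bcrypt_salt($cost = 10)
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes, base64-encoded and mapped into bcrypt's ./A-Za-z0-9 set.
    $raw = openssl_random_pseudo_bytes(16, $strong);
    if ($raw === false || !$strong) {
        throw new RuntimeException('no strong random source available');
    }
    $salt = substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
    // The $2y$ prefix exists from PHP 5.3.7; earlier 5.3.x only knows $2a$.
    $prefix = version_compare(PHP_VERSION, '5.3.7', '>=') ? '2y' : '2a';
    return sprintf('$%s$%02d$%s', $prefix, $cost, $salt);
}

function bcrypt_hash($password, $cost = 10)
{
    if (!defined('CRYPT_BLOWFISH') || CRYPT_BLOWFISH !== 1) {
        throw new RuntimeException('CRYPT_BLOWFISH is not available');
    }
    $hash = crypt($password, bcrypt_salt($cost));
    // On failure crypt() returns a short string such as "*0", never 60 chars.
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not produce a bcrypt hash');
    }
    return $hash;
}

function bcrypt_verify($password, $stored)
{
    if (!is_string($stored) || strlen($stored) !== 60) {
        return false;
    }
    // The stored hash carries prefix, cost and salt, so it doubles as the salt.
    $check = crypt($password, $stored);
    if (!is_string($check) || strlen($check) !== 60) {
        return false;
    }
    // Compare every byte so timing does not reveal where a mismatch occurs.
    $diff = 0;
    for ($i = 0; $i < 60; $i++) {
        $diff |= ord($check[$i]) ^ ord($stored[$i]);
    }
    return $diff === 0;
}

$hash = bcrypt_hash('correct horse battery staple'); // constructed sample password
var_dump(bcrypt_verify('correct horse battery staple', $hash));
var_dump(bcrypt_verify('wrong password', $hash));
```

Store the full 60-character string; bcrypt only uses the first 72 bytes of the password.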