Every now and then I hear the advice "Use bcrypt for storing passwords in PHP, bcrypt rulllez!!!11"
OK, but what is this bcrypt? PHP doesn't offer any such functions, wikipedia babbles about a file-encryption utility and Googling just reveals a few implementations of blowfish in different languages. OK, blowfish is also available in PHP via mcrypt, but how does that help with storing passwords? Blowfish is a general purpose cypher, it works two ways. If it could be encrypted, it can be decrypted. Passwords need a one-way hashing function.
Could anyone explain?