btw ircmaxell knows what he's talking about when it comes to using crypto in php :)
at least it seems so from his web writings for the past 4 years
"Earlier versions of PHP acted weirdly if bcrypt support was not compiled in from scratch. Starting with 5.3.0, BCrypt is included (and enabled) by default. But older versions may or may not have support. The problem here is that if you used a bcrypt style salt in crypt() when bcrypt was not available, it wouldn't error out. Instead, it would fall back to using DES (which is extremely weak). Here's an example: "