Blowfish is a block cypher, which does mean that given the key, someone can quickly reverse the results done by the encryption. This is not a hashing system, and thus not suitable for such use on a forum (although IIRC OpenBSD uses it for its password storage, ho hum).

asgl wrote:
what about using blowfish with a user-defined salt?
there are lots of libraries written in PHP that can do this

As for its strength, Blowfish does its work over 16 rounds. Last time I checked, a cryptologist called Vincent Rijmen used a second order differential attack (in short, looking at the input vs the output to work out where the block cypher isn't so random), which managed to expose a weakness in four of the sixteen rounds. That's the highest anyone's ever gone with Blowfish, so it is secure.