Stack Overflow
Stack Overflow

Questions tagged [phpass]

phpass is a portable public domain password hashing framework for use in PHP applications.

phpass is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above.

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).

phpass is integrated into various open-source projects, most notably WordPress. A modified version of phpass is used in Drupal.

93 questions
1
vote
1 answer

Is it safe to sanitize passwords being given to PHPass, and vice versa?

From my understanding of hashing in general, one changed character any place can throw the whole hash into a different ballpark... and that got me thinking... Is sanitizing a password being given to PHPass a good idea? If at some future PHP version…
Aeo
  • 113
  • 4
1
vote
1 answer

Mimic CRYPT_BLOWFISH with MCRYPT_BLOWFISH

My question is how do I get the same result from mcrypt as I would get from crypt, with respect to blowfish? I am wanting to use the phpass framework for password hashing and verifying. Which works really well as long has you have PHP 5.3 because…
Matt R. Wilson
  • 7,268
  • 5
  • 32
  • 48
1
vote
2 answers

PHP and recovering password process

So Im planning to use phpass for hashing passwords for my authentication system in php. My question is, what is the best practice when someone requests to recover their password because they forgot it? Would you implement a question/answer system…
John
  • 9,840
  • 26
  • 91
  • 137
1
vote
0 answers

A special base64 implementation in Go/Golang (like in Drupal's PhpassHashedPassword::base64Encode())

I have tried to implement a Drupal compatible authentication in Go and use this package for base64 encoding: golang.org/src/encoding/base64/base64.go The Result: the created and in Drupal saved hashes don't matches. Only after reimplementing Go's…
Hermann Schwarz
  • 1,495
  • 1
  • 15
  • 30
1
vote
1 answer

Grepping list of phpass hashes against a file

I'm trying to grep multiple strings which look like this (there's a few hundred) against a file which contains data:string Example strings: (no sensitive data is provided, they have been modified). $H$9a...DcuCqC/rMVmfiFNm2rqhK5vFW1 …
StackStackAndStack
  • 157
  • 6
1
vote
1 answer

WP and Node implementations of Phpass does not match when there are international characters in the password

I want to authenticate WP users using my own authentication service written in Node. I have users saved in the wp_users table. Their passwords are hashed using Phpass method by WordPress. When a user is trying to log into his account, WP is using…
Sebastian Kaczmarek
  • 8,120
  • 4
  • 20
  • 38
1
vote
1 answer

Generating PHPass for Wordpress Passwords

I am working on an application wnere I need to check for authenticity of user according to his wordpress userid/password. Trouble is, I don't know how to check whether a password is correct or not. I read at Wordpress MD5 Password that after…
Tarun
  • 5,374
  • 4
  • 22
  • 32
1
vote
2 answers

How does woo commerce encrypt passwords?

I have a website with woo commerce installed in it. I am currently using it as an online store. However I want to make an app version of the website so that people can sign up, sign in and purchase stuff on the app as well as the website. So I…
Luid
  • 33
  • 9
1
vote
1 answer

Check phpass is correct on my existing login page

I'm trying to add Phpass to my website but no matter what I do I can't get the $check boolean to return true to let me actually log in, So far I've managed to encrypt my password with it and store it on the database but checking against it is…
John B
  • 105
  • 1
  • 2
  • 11
1
vote
0 answers

phpass checkpassword won't let me log in

I'm trying to make phpass work by using this article: https://sunnyis.me/blog/secure-passwords When I create a new user there is no problem. Everything uploads to the database and i get a salted hash that looks something like…
Querty
  • 13
  • 5
1
vote
0 answers

How to match phpass hashed password(codeigniter) in java(android)?

I am developing an android application where I have to synchronize the user table info from a remote mySql database to the sqlite database of android device through API communication. The user table has a field to keep the passwords of the users.…
CrazyLearner
  • 782
  • 3
  • 11
  • 28
1
vote
1 answer

Check drupal 7 password to C#

I am using CryptSharp official version for Checking drupal password hash but I am always getting false, Libarary doesn't have any direct documentation for drupal 7 password 7 but it is saying it has drupal 7 support on nuget description. Using this…
Govind Malviya
  • 13,627
  • 17
  • 68
  • 94
1
vote
2 answers

How can * be a safe hashed password?

phpass is a widely used hashing 'framework'. While evaluating phpass' HashPassword I came across this odd method fragment. function HashPassword($password) { // trying to generate a hash… # Returning '*' on error is…
Exception e
  • 1,864
  • 3
  • 19
  • 33
1
vote
1 answer

Phpass Signature

I'm currently looking for a way to encrypt my users passwords, and rather than simply using crypt(), I've settled on utilizing Phpass 0.3 after reading this stackoverflow answer. However when you visit the Phpass home page, it also has the option…
Mastrianni
  • 3,900
  • 3
  • 20
  • 32
1
vote
0 answers

Codeigniter PHPASS Logging In

I am using phpass for my login in codeigniter. But can not log on, there are know errors showing up I am not sure what the go is. Username and password correct. I have the library user in my system folder because I use multiple ci installs. I am…
user3659372
1 2
3
4 5 6 7