Stack Overflow
Stack Overflow

Questions tagged [phpass]

phpass is a portable public domain password hashing framework for use in PHP applications.

phpass is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above.

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).

phpass is integrated into various open-source projects, most notably WordPress. A modified version of phpass is used in Drupal.

93 questions
1
vote
3 answers

Not getting PHPASS

I am try to offer the best password safety I can for my program, after some research all roads seem to end at PHPASS as my best option. I'm doing some experimental trials to understand what I'm doing. it's not going well lolAs far as I can see…
Richard Harper
  • 53
  • 1
  • 2
  • 8
1
vote
1 answer

Implement phpass into Laravel

I am using Laravel 3.2 to create a new website. My site is going to link in with an existing user database, meaning users from another site will be able to login to this site with their same account. The existing site uses phpass so I figure, I'll…
Sean
  • 1,758
  • 3
  • 20
  • 34
1
vote
1 answer

Call to undefined method PDOStatement::bind_result()?

I keep getting this error message and don't know why. It is a login script and I copied form here because I didn't know how to do the login using PHPASS. Here is my code: $email = ($_POST['email']); $pass = ($_POST['pass']); require…
Travis Nabbefeld
  • 393
  • 3
  • 7
  • 14
1
vote
1 answer

replicating wordpress password hash in mysql

So I would like to be able to change password hashes that exist in my wordpress wp_user table in the user_pass column. I am hoping to be able to write something as followed: # simplified version of what is desired. UPDATE `wp_user` SET user_pass =…
usumoio
  • 3,500
  • 6
  • 31
  • 57
1
vote
2 answers

Is there a newer / improved / alternative version for phpass?

I'm about to implement phpass into a new application because of its theoretical and technical arguments towards security. It is of course not the only security, but for hashing passwords this seems to me like the best available. However, I don't get…
Lode
  • 2,160
  • 1
  • 20
  • 25
1
vote
1 answer

Password Hashes, Updating Salt and Hash on Login, and PHPass

I remember reading about a scheme where the process of checking a password went like this: given (hash, salt) in a database, hash password with salt to check against the hash, hash password with old hash as salt, store (new hash, salt a.k.a. old…
Andrew Cheong
  • 29,362
  • 15
  • 90
  • 145
1
vote
1 answer

phpass not working

I'm hashing the passwords upon account creation, and that it working (with the password set to VARCHAR(60)) but when I try to do this: $query = $this->CI->db->query("SELECT * FROM users WHERE email = ?", $email); if ($query->num_rows() > 0)…
Sneaksta
  • 1,041
  • 4
  • 24
  • 46
1
vote
2 answers

phpass CheckPassword using different salts?

I have a site with a user area and admin area. In the admin area, I have a page for creating users and a page for creating admins. On the users and admins pages, I used the code below to hash passwords: $hasher = new PasswordHash(8,…
Sean
  • 1,758
  • 3
  • 20
  • 34
0
votes
1 answer

read file with Phpass with Codeigniter

I get this error while using Phpass 0.3 on my CI Controller Message: is_readable() [function.is-readable]: open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s):…
Mayfield Four
  • 95
  • 3
  • 9
0
votes
3 answers

phpass returns different results

I just put my project from localhost to my host and using the same (phpass) function I receive different results and the length of the returned string is also different. (and everything works on localhost btw) So the same function returns false when…
BehnUm
  • 141
  • 10
0
votes
1 answer

Portable PHP password hashing framework and ActionScript 3 equivalent

Well? Is it possible? Passwords stored in the database are hashed with The Portable PHP Password Hashing Framework (http://www.openwall.com/phpass/). How can I hash them in the same manner with AS3? If that is not possible, what is the strongest…
Francisc
  • 77,430
  • 63
  • 180
  • 276
0
votes
3 answers

Platform-dependent PHP hashing in Production and Development environments

I decided to drop md5() as the password-encrypting algorithm when storing user passwords in DB, in favor of phpass library. On the systems using md5, it was no problem to have a Production/Development dyad, as the resulting hash was the same. So, in…
nevvermind
  • 3,302
  • 1
  • 36
  • 45
0
votes
2 answers

Migrate Typo3 user with pbkdf2 hashed pw to Wordpress phpass hash method

Basically, I want to mirgrate a list of users with a pw that is hashed with pbkdf2-sha256 to a cms which uses phpass. In order to accomplish this I try to check the entered pw by the user and generate the typo3 hashed pw in order to compare it with…
Julian
  • 1
  • 2
0
votes
2 answers

Phpass - danger of not being able to access all passwords?

Sorry, this may be dumb, but there is something I don't understand about Phpass. If I can create a secure hashed password like this: $pwdHasher = new PasswordHash(8, FALSE); $hash = $pwdHasher->HashPassword( $password ); and later check it like…
james.bcn
  • 1,209
  • 1
  • 12
  • 19
0
votes
1 answer

Issue to match pHpass generated hashed passwords

I add new user to database and hash user password using pHpass. On this point I face weird problem. If I create/hash the password '123' on http://localhost/add.php and check the password using pHpass's CheckPassword method on the same page it will…
Adnan
  • 1,379
  • 2
  • 17
  • 24
1 2 3
4
5 6 7