PHPASS
phpass is used as a password hashing method by WordPress and Drupal. It is public domain software and is used with PHP applications.
Outline

The three main methods used are:
The output uses the following to identify the differing types:
Figure 1: phpass format

A sample run with “password” and a salt of “ZDzPE45C” for seven rounds gives:

$P$5ZDzPE45Ci.QxPaPz.03z6TYbakcSQ0

Here it can be seen that the salt value ("ZDzPE45C") is placed after "$P$5", and after that there are 22 Base-64 characters (giving a 128-bit hash signature).
Code
You can check the output against the following Python code:
```python
import passlib.hash

string = "password"
salt = "ZDzPE45C"
add = 7  # rounds value: the iteration count is 2**add

try:
    # ident defaults to "P"; "H" produces the $H$ prefix used by phpBB3
    print(passlib.hash.phpass.using(salt=salt, rounds=add).hash(string))
    print(passlib.hash.phpass.using(salt=salt, rounds=add, ident="H").hash(string))
    print("Using " + str(add) + " rounds")
except Exception as ex:
    print(str(ex))
```

which should give: $P$5ZDzPE45Ci.QxPaPz.03z6TYbakcSQ0
The code uses 7 rounds, to save processor time, but the value can vary between 7 and 30 rounds. The default is \(19\) rounds, which gives \(2^{19}\) iterations. The number of iterations is \(2^{\text{rounds}}\). In this case the hash is "i.QxPaPz.03z6TYbakcSQ0", which is a 128-bit hash signature.
The number of rounds is a single character encoding a 6-bit integer. '5' is 7 rounds, '6' is 8 rounds, and so on.
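The format described above can also be checked without passlib. The following is an added example, not code from the original page or from the phpass or passlib projects: it parses a phpass string, decodes the rounds character, and recomputes the hash with the portable phpass scheme (iterated MD5), using the sample value from this page. The function names are hypothetical, chosen for this illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def parse_phpass(stored):
    """Split a phpass string into (ident, rounds, salt, checksum)."""
    if len(stored) != 34 or stored[:3] not in ("$P$", "$H$"):
        raise ValueError("not a phpass hash")
    if any(c not in ITOA64 for c in stored[3:]):
        raise ValueError("character outside the phpass alphabet")
    rounds = ITOA64.index(stored[3])  # one character encodes a 6-bit integer
    if not 7 <= rounds <= 30:
        raise ValueError("rounds outside 7..30")
    return stored[:3], rounds, stored[4:12], stored[12:]


def encode64(data):
    """phpass Base-64: each 3-byte group, little-endian, becomes 4 characters."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        # 1 byte -> 2 chars, 2 bytes -> 3 chars, 3 bytes -> 4 chars
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)


def phpass_hash(password, ident, rounds, salt):
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << rounds):  # 2**rounds further MD5 passes
        digest = hashlib.md5(digest + pw).digest()
    return ident + ITOA64[rounds] + salt + encode64(digest)


def phpass_verify(password, stored):
    ident, rounds, salt, _ = parse_phpass(stored)
    candidate = phpass_hash(password, ident, rounds, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


PAGE_HASH = "$P$5ZDzPE45Ci.QxPaPz.03z6TYbakcSQ0"  # sample value from this page

if __name__ == "__main__":
    print(parse_phpass(PAGE_HASH), phpass_verify("password", PAGE_HASH))
```

The 16-byte MD5 digest encodes to exactly 22 characters: five 3-byte groups give 20 characters and the final single byte gives 2.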