Questions tagged [phpass]

phpass is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above.

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to MD5-based salted and variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes).

phpass is integrated into various open-source projects, most notably WordPress. A modified version of phpass is used in Drupal.

93 questions
22 votes, 1 answer

Portable (PHPass) password hashes. Should I use them?

I'm installing a user registration script (Tank Auth) for my website. In the installation guide it says, WARNING: By default the library generates strong system-specific password hashes that are not portable. It means that once created, user …
CyberJunkie

11 votes, 2 answers

Is the salt contained in a phpass hash or do you need to salt its input?

phpass is a widely used hashing 'framework'. Is it good practice to salt the plain password before giving it to PasswordHash (v0.2), like so?: $dynamicSalt = $record['salt']; $staticSalt = 'i5ininsfj5lt4hbfduk54fjbhoxc80sdf'; $plainPassword =…
Exception e

9 votes, 3 answers

phpass the best solution for secure password-storing?

I'm creating a service which handles a lot of personal data, and therefore it's not appropriate to let the passwords simply fly out. I've been diggin' around to find any possible solutions, and one that caught my attention is phpass. I did read about…
Martti Laine

9 votes, 3 answers

Check if open_basedir restriction is in effect

I'm getting the following warning when using PHPass (http://www.openwall.com/phpass/): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s) Although this is not a big problem (it will fall back on something…
T.S.

9 votes, 4 answers

Can I access /dev/urandom with open_basedir in effect?

I want to use phpass-0.3 in Codeigniter, but I get the following error due to open_basedir: A PHP Error was encountered Severity: Warning Message: is_readable() [function.is-readable]: open_basedir restriction in effect.…
jennifer Jolie

7 votes, 4 answers

Are there any security pitfalls with using existing MD5 hashes with PHPass?

Before I knew better, I implemented a login system with md5 as the hashing algorithm. Now that I do know better, I'd like to move to using PHPass. My problem is that the system is already in production and asking all users to change their passwords…
Tarek Fadel

6 votes, 1 answer

CodeIgniter: Unable to load the requested file: helpers/phpass_helper.php on Ubuntu 14.04

I am trying to load Phpass helper in my base controller in order to hash my password. However, it doesn't seem to load on Ubuntu 14.04. I tried to search and some people said it's probably because Linux is case sensitive, so I changed my file from…
mayleficent

6 votes, 6 answers

Check WordPress hashed password with plain password

I am building an external application for which user login credentials will be taken from the WordPress site database table 'users'. WordPress uses PHPass hashing; I am unable to validate username and password for my external application as the password…
ManojGeek

6 votes, 3 answers

Proper salting and using PHPass

I've been using PHPass to hash my passwords for a long time. I admit that there are still things I don't fully understand (or ignore) to hash a password properly, so today I was reviewing all the info I could find about it. Reviewing PHPass documents,…
Pherrymason

5 votes, 4 answers

What is the benefit of a "random" salt over a "unique" salt?

I am currently writing a program and part of it involves securely creating password hashes to store in a database, and I came across the phpass framework, which seems to be highly recommended. In phpass, they seem to go to great lengths to…
Mike

5 votes, 1 answer

How to implement phpass into login

I am having difficulty implementing phpass into my login procedure, not knowing how to implement it alongside my current code. I have two questions regarding the matter: 1) I need to validate the hashed password entered by the user at this line with…
methuselah

5 votes, 1 answer

Codeigniter TankAuth: How to move database to new server with phpass hash portable set to FALSE

TankAuth uses PHPass for password hashing with portable mode set to FALSE by default, which lets PHPass use bcrypt instead, since portable hashes do not store the salt in the hash. But, if we want to move the database to a different server, we need to set…
prajan55

4 votes, 1 answer

Correct implementation of PHPass

I'm using PHPass to store users' passwords in my application because it's more secure than md5 or sha1. I have a question about how I would use a salt with the passwords. From what I gathered, I use it like this when you insert a user: $pwdHasher =…
James Dawson

4 votes, 2 answers

How safe is it to use phpass between several servers?

With 'portable_hashes' turned on. I've noticed that for whatever reason, the hashes it generates aren't always the same - but always return as valid when passed through 'CheckPassword'. I've also noticed that 'PHP_VERSION' is used in the generation…
Jon

4 votes, 1 answer

Apache mod-auth-mysql with phpass encrypted password (Wordpress)

I need to have password protection on some web pages outside of the main Wordpress site. The users would prefer to use the usernames and passwords they already have in Wordpress. The obvious solution would seem to be to use the Apache module for…