Portable PHP password hashing framework implemented in Python. This Python implementation meant to be an exact port of the the original PHP version. PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB. This Python port will be handy to work with user account data imported from those applications. You can also use this to hash passwords in your Python applications for sure. The original PHP version: http://www.openwall.com/phpass/ PHP version written by Solar Designer. Python implementation by exavolt <[email protected]> Dependencies ------------ * bcrypt http://www.mindrot.org/projects/py-bcrypt/ (optional) Unlicense --------- This is free and unencumbered software released into the public domain. Links ----- * http://www.openwall.com/phpass/ - the original version in PHP * http://packages.python.org/passlib/ - this all-in-one password hashing library supports phpass portable hashing algorithm as one of its 20 more algorithms
Python implementation of the portable PHP password hashing framework
I have an existing set of wordpress users and I want them to transfer over to my new flask-login based system. Can you help, Exavolt? I think I'm just not understanding the part about how the salt comes in on the original site and becomes part of the user_pass hash. Let me know!
On our project, it seems that certain passwords don't authenticate with the phpBB3 hash for that user.
#NOTE: phpbb uses $H$ and phpass uses $P$ so we fix it here fixed_pwd = "$P"+ their_pwd[2:] testpass = phpass.PasswordHash(8, False) passed = testpass.check_password(self.cleaned_data['password'], fixed_pwd) if not passed: ....
self.cleaned_data['password'] is the plain text password. fixed_pwd is the hashed password from phpBB3's database. (yes, I know, bad variable name, it should be fixed_hashed) Is this a known issue ?
*edit, just tested via the php test program from http://www.openwall.com/phpass/, and it fails there as well.
Go ahead and close this, not your bug. :)
https://github.com/exavolt/python-phpass/blob/master/phpass/init.py#L102 add salt = salt.encode('utf-8') somewhere after that line
for python3 this libary should be replaced by https://pythonhosted.org/passlib/lib/passlib.hash.phpass.html
https://pythonhosted.org/passlib/lib/passlib.hash.phpass.html is much better now