Python implementation of the portable PHP password hashing framework

Related tags

python-phpass
Overview
Portable PHP password hashing framework implemented in Python.

This Python implementation meant to be an exact port of the the original PHP 
version.

PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB. This 
Python port will be handy to work with user account data imported from those 
applications. You can also use this to hash passwords in your Python 
applications for sure.

The original PHP version: http://www.openwall.com/phpass/
PHP version written by Solar Designer.

Python implementation by exavolt <[email protected]>

Dependencies
------------

 * bcrypt http://www.mindrot.org/projects/py-bcrypt/ (optional)

Unlicense
---------

This is free and unencumbered software released into the public domain.

Links
-----

 * http://www.openwall.com/phpass/ - the original version in PHP
 * http://packages.python.org/passlib/ - this all-in-one password hashing 
   library supports phpass portable hashing algorithm as one of its 20 
   more algorithms
Issues
  • Are you available for some targeted consulting work?

    Are you available for some targeted consulting work?

    I have an existing set of wordpress users and I want them to transfer over to my new flask-login based system. Can you help, Exavolt? I think I'm just not understanding the part about how the salt comes in on the original site and becomes part of the user_pass hash. Let me know!

    opened by savraj 1
  • setup.py pull request

    setup.py pull request

    opened by seanbrant 0
  • phpass fails on some passwords ?

    phpass fails on some passwords ?

    On our project, it seems that certain passwords don't authenticate with the phpBB3 hash for that user.

    #NOTE: phpbb uses $H$ and phpass uses $P$ so we fix it here
    fixed_pwd = "$P"+ their_pwd[2:]
    testpass = phpass.PasswordHash(8, False)
    passed = testpass.check_password(self.cleaned_data['password'], fixed_pwd)
           if not passed:
                     ....
    

    self.cleaned_data['password'] is the plain text password. fixed_pwd is the hashed password from phpBB3's database. (yes, I know, bad variable name, it should be fixed_hashed) Is this a known issue ?

    *edit, just tested via the php test program from http://www.openwall.com/phpass/, and it fails there as well.

    Go ahead and close this, not your bug. :)

    opened by vexed 0
  • fix simple typo

    fix simple typo

    opened by lpmi-13 0
  • salt needs to be utf-8 encoded, too or the concatination will fail

    salt needs to be utf-8 encoded, too or the concatination will fail

    https://github.com/exavolt/python-phpass/blob/master/phpass/init.py#L102 add salt = salt.encode('utf-8') somewhere after that line

    opened by iqualfragile 0
  • for python3 this libary should be replaced by https://pythonhosted.org/passlib/lib/passlib.hash.phpass.html

    for python3 this libary should be replaced by https://pythonhosted.org/passlib/lib/passlib.hash.phpass.html

    https://pythonhosted.org/passlib/lib/passlib.hash.phpass.html is much better now

    opened by ser 0
Owner
Rez
// TODO: insert bio
Rez
Python implementation of the portable PHP password hashing framework

Portable PHP password hashing framework implemented in Python. This Python implementation meant to be an exact port of the the original PHP version.

Rez 46 Nov 25, 2019
PHP Library to generate random passwords

Password Generator Library Simple library for generating random passwords. Requirements PHP >= 7.1 We only support PHP 7.3+ Installation Install Compo

Daniel Platt 235 Sep 7, 2021
Compatibility with the password_* functions that ship with PHP 5.5

password_compat This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5. See the RFC for more d

Anthony Ferrara 2.1k Sep 7, 2021
A password policy enforcer for PHP and JavaScript

PasswordPolicy A tool for checking and creating password policies in PHP and JS. Installation Use composer to setup an autoloader php composer.phar in

Anthony Ferrara 71 Jul 3, 2021
Realistic PHP password strength estimate library based on Zxcvbn JS

Zxcvbn-PHP is a password strength estimator using pattern matching and minimum entropy calculation. Zxcvbn-PHP is based on the the Javascript zxcvbn p

Ben Jeavons 654 Aug 29, 2021
GenPhrase is a secure passphrase generator for PHP applications.

About GenPhrase is a secure passphrase generator for PHP applications. GenPhrase is based on passwdqc's pwqgen program. See http://www.openwall.com/pa

timoh 94 Aug 29, 2021