Openwall Phpass, modernized

This is Openwall's Phpass, based on the 0.3 release, but modernized slightly:

• Namespaced
• Composer support (Autoloading)
• PHP 5 style
• Unit Tested

The changes are minimal and mostly stylistic. The source code is in the public domain. We claim no ownership, but needed it for one of our projects, and wanted to make it available to other people as well.

• 1.1.0

  - Modified to add

  random_bytes

  hook function.

• 1.0.0

  - Modified to use hash_equals to be resistant to timing attacks. This requires

  php >= 5.6.0

  .

• 0.3.x

  - Very close to the original version. Requires

  php >= 5.3.3

  .

Customizing the Source of Randomness

In version

1.1.0

get_random_bytes

random_bytes

random_bytes

random_bytes

get_random_bytes

Installation

Add this requirement to your

composer.json

composer.phar install

{
    "require": {
        "hautelook/phpass": "1.0.0"
    }
}

Usage

The following example shows how to hash a password (to then store the hash in the database), and how to check whether a provided password is correct (hashes to the same value):

use Hautelook\Phpass\PasswordHash;

require_once(DIR . "/vendor/autoload.php");
$passwordHasher = new PasswordHash(8,false);
$password = $passwordHasher->HashPassword('secret');
var_dump($password);
$passwordMatch = $passwordHasher->CheckPassword('secret', "$2a$08$0RK6Yw6j9kSIXrrEOc3dwuDPQuT78HgR0S3/ghOFDEpOGpOkARoSu");
var_dump($passwordMatch);