Need help with phpass?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

152 Stars 23 Forks 37 Commits 1 Opened issues


Openwall Phpass, namespaced with composer

Services available


Need anything else?

Contributors list

Openwall Phpass, modernized

Build Status HHVM Status

This is Openwall's Phpass, based on the 0.3 release, but modernized slightly:

  • Namespaced
  • Composer support (Autoloading)
  • PHP 5 style
  • Unit Tested

The changes are minimal and mostly stylistic. The source code is in the public domain. We claim no ownership, but needed it for one of our projects, and wanted to make it available to other people as well.

  • 1.1.0
    - Modified to add
    hook function.
  • 1.0.0
    - Modified to use hash_equals to be resistant to timing attacks. This requires
    php >= 5.6.0
  • 0.3.x
    - Very close to the original version. Requires
    php >= 5.3.3

Customizing the Source of Randomness

In version

, the
function checks for the presence of a
function. If a
function is callable, then
will be used as the source for random bytes output. Otherwise, the original
code will be used.


Add this requirement to your

file and run
composer.phar install
    "require": {
        "hautelook/phpass": "1.0.0"


The following example shows how to hash a password (to then store the hash in the database), and how to check whether a provided password is correct (hashes to the same value):

use Hautelook\Phpass\PasswordHash;

require_once(DIR . "/vendor/autoload.php");

$passwordHasher = new PasswordHash(8,false);

$password = $passwordHasher->HashPassword('secret'); var_dump($password);

$passwordMatch = $passwordHasher->CheckPassword('secret', "$2a$08$0RK6Yw6j9kSIXrrEOc3dwuDPQuT78HgR0S3/ghOFDEpOGpOkARoSu"); var_dump($passwordMatch);

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.