Portable PHP password hashing ("password encryption") framework


Please note that password hashing is often wrongly referred to as "password encryption". Hashing is a more appropriate term since encryption is something that is supposed to be easily reversible.

phpass (pronounced "pH pass") is a portable public domain password hashing framework for use in PHP applications.

phpass was released in 2005, when a typical web host ran PHP 4 and a typical web app used raw MD5. From 2007 on, major web apps moved to phpass, which was an important step forward (bringing web apps' password hashing on par with Unix systems'). The phpass API might also have inspired the password_hash() / password_verify() API included in PHP 5.5+.

At this time, if your new project can afford to require PHP 5.5+, which it should, please use PHP's native password_hash() / password_verify() API instead of phpass. This new API also happens to support the CRYPT_BLOWFISH and CRYPT_EXT_DES hashes used by phpass, but unfortunately it does not support the phpass portable hashes (which are portable across all versions of PHP as long as you use phpass).

If you have to support versions of PHP older than 5.5, if you need to keep support for phpass portable hashes in new revisions of your existing project, and/or if you need to support such hashes migrated from other web apps, then phpass is still useful for you. This is why we continue to keep its maintenance on life support and have updated phpass for PHP 7+.

The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications) and known in PHP as CRYPT_BLOWFISH, with a fallback to the MD5-based, salted, variable iteration count password hashes implemented in phpass itself (also referred to as portable hashes). (phpass versions up to 0.4 also included an intermediary fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, but this has since been dropped except for authenticating against pre-existing hashes of this type.)

To ensure that the fallbacks will never occur, PHP 5.3+ should be used.

Included in the package are a PHP source file implementing the PasswordHash PHP class, a tiny PHP application demonstrating the use of the PasswordHash class, and a C reimplementation of the portable hashes (used for testing correctness of the primary implementation only).

There's a lengthy article/tutorial on introducing password hashing with phpass into a PHP application, as well as on other aspects of managing users and passwords. This article, along with the sample programs referenced from it, is also available for download below. Some of you might prefer this much shorter third-party article focusing solely on introducing phpass into a PHP application. Finally, also relevant is our presentation on the history of password security.

Download (release notes):

These and other related files are also available from the Openwall file archive. The source code of phpass can be browsed on GitHub.

Follow this link for information on verifying the signatures.

We can help you integrate phpass into your applications, please check out our services.

Contributed resources:

phpass has been integrated into WordPress 2.5+ (more info), bbPress, Vanilla, PivotX 2.1.0+, Textpattern 4.4.0+, and concrete5 5.6.3+.

A cut-down version of phpass (supporting the portable hashes only) has been integrated into phpBB3 (although they have changed the hash type identifier string from "$P$" to "$H$", the hashes are otherwise compatible with those of genuine phpass).
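As an added example (not code from the phpass package or from any of the projects above), the following Python reimplements the portable hashes described earlier on this page: the "$P$" encoding with its cost character and 8-character salt, the 2^count_log2 MD5 iterations, and phpass's private base64 alphabet. It also accepts phpBB3's "$H$" identifier, as genuine phpass does. The bcrypt/CRYPT_BLOWFISH path and the crypt() fallback are left out, and the constant-time comparison in check_password() is an addition of mine, not phpass behaviour.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's private base64: 3-byte groups packed little-endian, low 6 bits first."""
    out, i, n = [], 0, len(data)
    while i < n:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3F])
        if i < n:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3F])
        if i >= n:
            break
        i += 1
        if i < n:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3F])
        if i >= n:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3F])
    return "".join(out)

def crypt_private(password: bytes, setting: str) -> str:
    """Portable hash: md5(salt + pw), then 2^count_log2 rounds of md5(prev + pw)."""
    fail = "*1" if setting.startswith("*0") else "*0"  # never equals a stored hash
    if setting[:3] not in ("$P$", "$H$"):  # "$H$" is phpBB3's renamed identifier
        return fail
    count_log2 = ITOA64.find(setting[3:4])  # '' -> 0, which fails the range check
    salt = setting[4:12]
    if not 7 <= count_log2 <= 30 or len(salt) != 8:
        return fail
    h = hashlib.md5(salt.encode("latin-1") + password).digest()
    for _ in range(1 << count_log2):
        h = hashlib.md5(h + password).digest()
    return setting[:12] + encode64(h)

def hash_password(password: str, iteration_count_log2: int = 8) -> str:
    """Mirrors HashPassword() in portable mode; on PHP 5+ phpass adds 5 to the cost."""
    setting = "$P$" + ITOA64[min(iteration_count_log2 + 5, 30)] + encode64(os.urandom(6))
    return crypt_private(password.encode("utf-8"), setting)

def check_password(password: str, stored_hash: str) -> bool:
    # Recompute with the salt and cost embedded in the stored hash, then compare.
    computed = crypt_private(password.encode("utf-8"), stored_hash)
    return hmac.compare_digest(computed, stored_hash)
```

The first assertion below uses the "test12345" vector shipped in phpass's own test.php, so a reimplementation that passes it is bit-compatible with the PHP class.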

Similarly, phpass forced to use the portable hashes only has been integrated into Joomla starting with versions 2.5.18 and 3.2.1.

A cut-down and reworked version of phpass (supporting the portable hashes only and requiring PHP 5+) has been integrated into development versions of Drupal leading to the Drupal 7 release, after a lengthy discussion and many proposed patches against various development versions of Drupal. There's a notion of upgraded hashes: these are phpass portable hashes of md5() hashes (which were used by older versions of Drupal), with the final hash encodings prefixed with a "U" (for "upgraded"). A more recent lengthy discussion has resulted in Drupal 7 switching from MD5 to SHA-512 for the underlying cryptographic primitive in phpass' "portable" hashes (making them less portable) while preserving "read-only" support for the MD5-based portable hashes. This change was made primarily for "political" reasons. Drupal 7's SHA-512 based phpass-like hash encoding strings use "$S$" as the hash type identifier.

There's also a module for Drupal 5 & 6 that makes the original phpass available with those versions of Drupal, including support for the more secure but not nearly as portable CRYPT_BLOWFISH and CRYPT_EXT_DES hashes.

TYPO3 CMS supports phpass portable hashes and was using them by default from version 4.5 until the default was changed in version 8.

A revision of phpass modified to use SHA-1 in the portable hashes, with the "$Q$" prefix to distinguish those, has been integrated into Escher CMS 0.9.2. This is an example of a project breaking compatibility for no good reason. Please don't do things like that!

phpass is a registered project with Open Hub.

The development of phpass and efforts on getting it into Drupal are partially supported by CivicActions, a Drupal consulting company.
