[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: [ANN] phpass password hashing for Lua
- From: Nagaev Boris <bnagaev@...>
- Date: Wed, 13 May 2015 10:35:05 +0000
I'm very pleasure to announce that Lua implementation of the portable
PHP password hashing framework is avaliable.
Installation: luarocks install phpass
phpass (pronounced "pH pass") is a portable public domain password
hashing framework for use in PHP applications . phpass has been
integrated into WordPress, bbPress, Vanilla, PivotX, Chyrp, Textpattern
This Lua module implements a subset of phpass (iterated MD5). It's
sufficient to create and check a password hash compatible with portable
phpass hash, e.g. a password from wordpress database. Blowfish-based
bcrypt and BSDI-style extended DES-based hashes are not supported.
The code was tested against Lua 5.1, 5.2 and LuaJIT 2.0, 2.1.
LuaCrypto fails to build against Lua 5.3.
phpass = require 'phpass'
password = 'test12345'
hash = phpass.hashPassword(password)
phpass.checkPassword(password, hash) --> true
phpass.checkPassword('other password', hash) --> false
Python-phpass, python implementation of phpass  was used as a reference.
The algorithm used in phpass.hashPassword generates random salt, so
this function returns different hashes for a password.
phpass.hashPassword has second argument, count_log2, which is log2 of
number of iterations. The algorithm of hashing is as follows:
count = 2 ^ count_log2
salt = ...
hash = md5(salt .. password)
for i = 1, count do
hash = md5(hash .. password)