- Subject: [ANN] phpass password hashing for Lua
- From: Nagaev Boris <bnagaev@...>
- Date: Wed, 13 May 2015 10:35:05 +0000
Hi all,
I'm very pleased to announce that a Lua implementation of the portable
PHP password hashing framework is available.
================================================
Homepage: https://github.com/starius/lua-phpass
Installation: luarocks install phpass
Dependencies: LuaCrypto
License: MIT
================================================
phpass (pronounced "pH pass") is a portable public domain password
hashing framework for use in PHP applications [1]. phpass has been
integrated into WordPress, bbPress, Vanilla, PivotX, Chyrp, Textpattern
and concrete5.
This Lua module implements a subset of phpass (iterated MD5). It's
sufficient to create and check a password hash compatible with the portable
phpass hash, e.g. a password from a WordPress database. Blowfish-based
bcrypt and BSDI-style extended DES-based hashes are not supported.
The code was tested against Lua 5.1, 5.2 and LuaJIT 2.0, 2.1.
LuaCrypto fails to build against Lua 5.3.
Usage
-----
phpass = require 'phpass'
password = 'test12345'
hash = phpass.hashPassword(password)
--> "$P$EYyDnrNHtS2MG5vTVkvXD6wMnd0C/N/"
phpass.checkPassword(password, hash) --> true
phpass.checkPassword('other password', hash) --> false
Notes
-----
python-phpass, a Python implementation of phpass [2], was used as a reference.
The algorithm used in phpass.hashPassword generates a random salt, so
this function returns different hashes for a password.
phpass.hashPassword has a second argument, count_log2, which is the log2 of
the number of iterations. The hashing algorithm is as follows:
    count = 2 ^ count_log2
    salt = ...
    hash = md5(salt .. password)
    for i = 1, count do
      hash = md5(hash .. password)
    end
[1] http://www.openwall.com/phpass/
[2] https://github.com/exavolt/python-phpass
--
Best regards,
Boris Nagaev
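
The portable-hash scheme described in the Notes above, written out in Python with only the standard library, as an added example that is not part of the original post and is not lua-phpass's own code. The function names, the UTF-8 password encoding and the default count_log2 of 16 (the value encoded by the "E" in the post's sample hash) are assumptions; the 7..30 range check follows the reference phpass.

```python
import hashlib
import hmac
import os

# Alphabet phpass uses for its base64 variant (not the RFC 4648 one).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """Encode 3-byte little-endian groups, 6 bits per output character."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def crypt_portable(password: str, setting: str) -> str:
    """Hash `password` using "$P$" + cost char + 8 salt chars from `setting`."""
    if len(setting) < 12 or not setting.startswith("$P$"):
        raise ValueError("not a portable phpass hash")
    count_log2 = ITOA64.find(setting[3])
    if not 7 <= count_log2 <= 30:
        raise ValueError("iteration count out of range")
    salt = setting[4:12].encode("ascii")  # the 8 encoded chars are the salt
    pw = password.encode("utf-8")         # assumption: passwords are UTF-8
    digest = hashlib.md5(salt + pw).digest()
    for _ in range(1 << count_log2):      # count = 2 ^ count_log2
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def hash_password(password: str, count_log2: int = 16) -> str:
    """Create a new hash with a fresh random salt (6 bytes -> 8 chars)."""
    salt = encode64(os.urandom(6))
    return crypt_portable(password, "$P$" + ITOA64[count_log2] + salt)

def check_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        candidate = crypt_portable(password, stored)
    except ValueError:                    # malformed or unsupported hash
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Because the cost and salt are read back from the stored string, check_password accepts hashes created with any count_log2, and malformed input is rejected rather than raising.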