[Back] phpass is used as a hashing method by WordPress and Drupal. It is public domain software and used with PHP applications.
The results are then:
The three main methods used are:
The output uses the following to identifiy the differing types:
Figure 1: phpass format
sample run with “password” and salt of “ZDzPE45C” for seven rounds gives:
Where it can be see that the salt value is paced after "\$P\$5" ("ZDzPE45C"), and after that there are 22 Base-64 characters (giving 128-bit hash signature).
You can check the output against the following Python code:
import passlib.hash; string = "password" salt="ZDzPE45C" print passlib.hash.phpass.encrypt(string, salt=salt,rounds=7)
which should give: \$P\$5ZDzPE45Ci.QxPaPz.03z6TYbakcSQ0
The code uses 7 rounds - to save processor time - but it can vary between 7 and 30.The number of iterations is 2^rounds. In this case the hash is "i.QxPaPz.03z6TYbakcSQ0" which is a 128-bit hash signature.
The number of rounds is a single character encoding a 6-bit integer.