
porting of phpass for ruby

Primary LanguageRuby

This is a porting of phpass

All files within this package are in public domain.


$ gem install phpass-ruby


require "rubygems"
require "phpass"

# 12 is password strength / calculation time. This is trade-off. 
# 8 <= strength <= 30 (default: 8)
phpass = Phpass.new(12) 

# Get hashed string. These are different result each time.
p phpass.hash('foo')
p phpass.hash('foo')
p phpass.hash('foo')

# Compare input and stored hash
known = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0'
p phpass.check('test12345', known) # => true
p phpass.check('test12346', known) # => false


phpass-ruby is supporting portable(MD5) hashing only.

However, nonportable phpass hashes can be validated using bcrypt:

require 'bcrypt'
BCrypt::Engine.cost = 8
p BCrypt::Password.new(stored_hash) == password + stored_salt