What Type of Hash Does Wordpress Use

Trying to check a wordpress password hash using phpass

Turns out I was using a Github project that didnt match the initial criteria used to generate the hashes. I discovered: https://github.com/Wolf480pl/PHPass which worked perfectly

Java - How to encrypt passwords for wordpress?

As mentioned here WordPress uses the PasswordHash class from the phpass for generating the password hashes. According to the links, the default implementation used involves the use of a salt, and 8 rounds of MD5 hashing. Exactly how and when the salt is applied, and what goes into the MD5 don't seem to be readily available. However, there seem to be a java port of phpass here.

Wordpress User Password Data as Plaintext / Export Wordpress User Password to Django

Use this library, https://github.com/jmoswalt/wp-to-django-users

Basically you add django the capability to re-hash the old wordpress password, so that your old wordpress user can now use their same & old password on the new django site

Within your settings.py file for your django project, add the following:

PASSWORD_HASHERS = (
'django.contrib.auth.hashers.PBKDF2PasswordHasher',
'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.CryptPasswordHasher',
'hashers_passlib.phpass',
)

then re-hash the password, and you are done.

from django.contrib.auth.hashers import get_hasher
hasher = get_hasher('phpass')
user.password = hasher.from_orig(user.password)

---

Related Topics