vaughnd/wordpress_password_check_in_python.py

## wordpress_password_check_in_python.py
# use passlib (https://passlib.readthedocs.io/en/stable/index.html) which includes a recent implementation of phpass,
# the lib Wordpress uses
from passlib.hash import phpass

# 'password' hashed with a random 8 character salt for a number of rounds=13. Salt and rounds are encoded in the hash itself
# https://passlib.readthedocs.io/en/stable/lib/passlib.hash.phpass.html#format
# $P${rounds,6-bit integer encoded as char}{salt, 8 characters}{checksum}
wordpress_hashed_password='$P$BcT47uPjTpAPe6VtS8MeR4MECevpNb.'

# will return True, because it takes it's configuration salt + rounds from the hash above
phpass.verify("password", wordpress_hashed_password)

# longer version
from passlib.utils.binary import h64
rounds=h64.decode_int6(wordpress_hashed_password[3].encode('ascii')) # 13
salt=wordpress_hashed_password[4:12] # 'cT47uPjT'

custom_hasher=phpass.using(salt=salt, rounds=rounds)
custom_hasher.hash("password") == wordpress_hashed_password
	# use passlib (https://passlib.readthedocs.io/en/stable/index.html) which includes a recent implementation of phpass,
	# the lib Wordpress uses
	from passlib.hash import phpass

	# 'password' hashed with a random 8 character salt for a number of rounds=13. Salt and rounds are encoded in the hash itself
	# https://passlib.readthedocs.io/en/stable/lib/passlib.hash.phpass.html#format
	# $P${rounds,6-bit integer encoded as char}{salt, 8 characters}{checksum}
	wordpress_hashed_password='$P$BcT47uPjTpAPe6VtS8MeR4MECevpNb.'

	# will return True, because it takes it's configuration salt + rounds from the hash above
	phpass.verify("password", wordpress_hashed_password)

	# longer version
	from passlib.utils.binary import h64
	rounds=h64.decode_int6(wordpress_hashed_password[3].encode('ascii')) # 13
	salt=wordpress_hashed_password[4:12] # 'cT47uPjT'

	custom_hasher=phpass.using(salt=salt, rounds=rounds)
	custom_hasher.hash("password") == wordpress_hashed_password