Skip to content
This repository has been archived by the owner on Apr 24, 2022. It is now read-only.


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Openwall Phpass, modernized

Build Status

This is Openwall's Phpass, based on the 0.5 release, but modernized slightly:

  • Namespaced
  • Composer support (Autoloading)
  • Unit Tested

The modernization has been done by Hautelook, from whom I stole this library to originally repackage it for PHP 5.3 to 7.0 compatibility in a single file and branch (Hautelook's port consisting of two branches, one for PHP 5.3 to 5.5, and another one for 5.6+).

Current version requires PHP 5.6+


Add this requirement to your composer.json file and run composer install:

    "require": {
        "ozh/phpass": "1.3.0"


The following example shows how to hash a password (to then store the hash in the database), and how to check whether a provided password is correct (hashes to the same value):


namespace Your\Namespace;

use Ozh\Phpass\PasswordHash;

require_once(__DIR__ . "/vendor/autoload.php"); // or require_once('path/to/src/Ozh/Phpass/PasswordHash.php');

$passwordHasher = new PasswordHash(8,false);

// Encrypt
$password = $passwordHasher->HashPassword('secret');
    // Will output something like:
    // '$2a$08$a6XFLs8SrjClF1szoDDkI.6gtWVb4//QnzUjkxlus83AKCNjuD8Ha' (length=60)
    // '$2a$08$Qze1smZ//VAwHJ1t52zklOY/yLwlbKR6Ighf6B7uqGXdYVozTPEdG' (length=60)
    // '$2a$08$u2uKfE9igO.Cz0SptWxlXeVi0CQglfl3FdRK3YpbGm1NfF1d.CFPm' (length=60)

// Decrypt
var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$0RK6Yw6j9kSIXrrEOc3dwuDPQuT78HgR0S3/ghOFDEpOGpOkARoSu') );
    // true
var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$Qze1smZ//VAwHJ1t52zklOY/yLwlbKR6Ighf6B7uqGXdYVozTPEdG') );
    // true
var_dump( $passwordHasher->CheckPassword('secret', '$2a$08$u2uKfE9igO.Cz0SptWxlXeVi0CQglfl3FdRK3YpbGm1NfF1d.CFPm') );
    // true