This is a porting of phpass
All files within this package are in public domain.
$ gem install phpass-ruby
require "rubygems" require "phpass" # 12 is password strength / calculation time. This is trade-off. # 8 <= strength <= 30 (default: 8) phpass = Phpass.new(12) # Get hashed string. These are different result each time. p phpass.hash('foo') p phpass.hash('foo') p phpass.hash('foo') # Compare input and stored hash known = '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0' p phpass.check('test12345', known) # => true p phpass.check('test12346', known) # => false
phpass-ruby is supporting portable(MD5) hashing only.
However, nonportable phpass hashes can be validated using bcrypt:
require 'bcrypt' BCrypt::Engine.cost = 8 p BCrypt::Password.new(stored_hash) == password + stored_salt