phpass-wasm

v0.1.3

Published

Lightning fast phpass hashing algorithm for browsers and Node.js using WebAssembly binaries

Downloads

236

Readme

PhPass

A Rust implementation of the password hashing algorithm used by WordPress (https://www.openwall.com/phpass/). Based on the phpass Rust implementation by @jkoudys.

What

WordPress, the most popular blogging platform of all time, is the main application of the PhPass password algorithm. Since WP is nothing if not broad and backwards-compatible in its support, they avoided using a more modern checksum (e.g. SHA256) in favour of old-fashioned, long-broken MD5. To make up for this, they'll run MD5 on a salted (and re-salted) input 256 times.

Why

We often don't know which ideas and projects will become successful when we make them, and frequently sites evolve naturally from a simple, managed WordPress blog, to one with a custom plugin, to a hosted PHP app with WordPress as one of its packages, to one that has moved away from PHP entirely. Those who move to Rust (which is wonderful) will want some way to keep those old logins working.

It's also considerably faster than the native PHP version, so it could be used to quickly audit your WordPress user database, to flag and disable accounts with insecure (easy to guess) passwords.

I wanted to make a version in wasm that can be used anywhere (Cloudflare, Vercel, etc).

How

This crate provides the basics to decode the PhPass checksum and salt from the standard WordPress hash string, and verify against a cleartext password.
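To make the hash string concrete, here is an added example (not code from phpass-wasm or its README) that models the portable `$P$` format in Node.js: a cost character holding log2 of the round count, an 8-character salt, and 22 characters of encoded MD5 output. The function names are hypothetical and the sample hash is constructed with cost 8.

```javascript
// Added example: reference model of the phpass portable ($P$) format (Node.js).
// node:crypto is loaded so the file runs as either CommonJS or an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
const md5 = (...parts) => nodeCrypto.createHash("md5").update(Buffer.concat(parts)).digest();

// phpass's own base64 variant: little-endian 24-bit groups, 6 bits per character.
function encode64(bytes) {
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const v = bytes[i] | ((bytes[i + 1] ?? 0) << 8) | ((bytes[i + 2] ?? 0) << 16);
    const chars = Math.min(bytes.length - i, 3) + 1; // 1 byte -> 2 chars, 3 bytes -> 4
    for (let k = 0; k < chars; k++) out += ITOA64[(v >> (6 * k)) & 0x3f];
  }
  return out;
}

// Layout: "$P$" (or phpBB's "$H$") + cost char + 8-char salt + 22-char digest.
function parseHash(hash) {
  const m = /^\$[PH]\$([.\/0-9A-Za-z])([.\/0-9A-Za-z]{8})[.\/0-9A-Za-z]{22}$/.exec(hash);
  if (!m) throw new Error("not a phpass portable hash");
  const log2 = ITOA64.indexOf(m[1]); // cost is stored as log2 of the round count
  if (log2 < 7 || log2 > 30) throw new Error("iteration count out of range");
  return { log2, rounds: 2 ** log2, salt: m[2] };
}

function phpassHash(password, salt, log2) {
  const pw = Buffer.from(password, "utf8");
  let h = md5(Buffer.from(salt, "latin1"), pw); // salt enters as its 8 ASCII characters
  for (let n = 2 ** log2; n > 0; n--) h = md5(h, pw); // stretching: re-hash with the password
  return "$P$" + ITOA64[log2] + salt + encode64(h);
}

function phpassVerify(password, hash) {
  const { log2, salt } = parseHash(hash); // throws on anything malformed
  const expected = Buffer.from(phpassHash(password, salt, log2));
  const given = Buffer.from("$P$" + hash.slice(3)); // compare $H$ hashes as $P$
  return nodeCrypto.timingSafeEqual(expected, given); // both are 34 ASCII bytes
}

const newSalt = () => encode64(nodeCrypto.randomBytes(6)); // 6 random bytes -> 8 chars

// Constructed sample: cost 8 means 2^8 = 256 MD5 rounds after the initial salted hash.
const sample = phpassHash("swordfish", newSalt(), 8);
console.log(sample, parseHash(sample).rounds, phpassVerify("swordfish", sample));
```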

Getting started

import { hashPassword, checkPassword } from "phpass-wasm";
let hash = await hashPassword("swordfish");

let verified = await checkPassword("swordfish", hash);

API

/**
 * Calculates PhPass hash
 * @param password Input password (string)
 * @returns Computed hash as a hexadecimal string
 */
export declare function hashPassword(password: string): Promise<string>;

/**
 * Check Password
 * @param password Input password (string)
 * @param hash Input hash (string)
 * @returns boolean if password matches hash
 * @throws {OldWPFormatError} If the hash is in old WordPress format
 * @throws {CheckPasswordError} For other errors
 */
export declare function checkPassword(password: string, hash: string): Promise<boolean>;


export declare class CheckPasswordError extends Error {
    constructor(message: string);
}
export declare class OldWPFormatError extends CheckPasswordError {
    constructor();
}

Testing philosophy

We fuzz test against wordpress-hash-node, an alternative Node.js implementation of PhPass. The Rust implementation is tested using the test cases from @jkoudys.