PHPackages yarri/password-hashing-machine - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. yarri/password-hashing-machine ActiveLibrary[Security](/categories/security) yarri/password-hashing-machine ============================== Tool for hashing and checking passwords using a required (registered) hashing algorithm. It can handle more (legacy) hashing algorithms. v1.0(4y ago)0229MITPHPPHP >=5.4.0 Since Oct 3Pushed 9mo ago1 watchersCompare [ Source](https://github.com/yarri/PasswordHashingMachine)[ Packagist](https://packagist.org/packages/yarri/password-hashing-machine)[ Docs](https://github.com/yarri/PasswordHashingMachine)[ RSS](/packages/yarri-password-hashing-machine/feed)WikiDiscussions master Synced 2d ago READMEChangelogDependencies (2)Versions (2)Used By (0) PasswordHashingMachine ====================== [](#passwordhashingmachine) [![Build Status](https://camo.githubusercontent.com/74e6c929ea229fc6e382f6f0b699402943949e846d715579feb18d712c036d93/68747470733a2f2f6170702e7472617669732d63692e636f6d2f79617272692f50617373776f726448617368696e674d616368696e652e7376673f6272616e63683d6d6173746572)](https://app.travis-ci.com/yarri/PasswordHashingMachine) PasswordHashingMachine is tool for hashing and checking passwords using a required hashing algorithm, which must be registered from the outside. More hashing algorithms can be registered to PasswordHashingMachine so legacy hashes can be also successfully handled. Usage ----- [](#usage) ### 1. Create the hashing machine [](#1-create-the-hashing-machine) ``` $hasher = new Yarri\PasswordHashingMachine(); ``` ### 2. Add one or more hashing algorithms [](#2-add-one-or-more-hashing-algorithms) ``` // $hasher->addAlgorithm( // callback $hash_callback, // callback $is_hash_callback, // callback $check_password_callback // ); ``` The first added algorithm is also the default hashing algorithm. ``` // default hashing algorithm - bcrypt $hasher->addAlgorithm( function($password){ return password_hash($password,PASSWORD_BCRYPT); }, function($password){ return !password_needs_rehash($password,PASSWORD_BCRYPT); }, function($password,$hash){ return password_verify($password,$hash); } ); ``` Add another legacy hashing algorithms you need in your application. ``` // algorithm for md5 hashes with common salt $hasher->addAlgorithm( function($password){ return md5(SITE_KEY.$password); }, function($password){ return preg_match('/^[0-9a-f]{32}$/',$password); }, function($password,$hash){ return md5(SITE_KEY.$password) === $hash; } ); // algorithm for md5 hashes $hasher->addAlgorithm( function($password){ return md5($password); }, function($password){ return preg_match('/^[0-9a-f]{32}$/',$password); }, function($password,$hash){ return md5($password) === $hash; } ); ``` In fact, for algorithms that provides hexadecimal hashes like md5, sha1, sha2, only the first callback is required. ``` $hasher->addAlgorithm( function($password){ return sha1($password); } ); ``` ### 3. Use the machine [](#3-use-the-machine) ``` // hashing passwords $hasher->hash("secret"); // e.g. '$2a$06$rLxnps2CuGC/9BPCq3ms..7uaWETN6GPiVMXYYGWqdQoMZsDQ/kFG' $hasher->hash('$2a$06$rLxnps2CuGC/9BPCq3ms..7uaWETN6GPiVMXYYGWqdQoMZsDQ/kFG'); // rehash! e.g. '$2y$10$XPuxlYvtelPKTpYtBpeAxOEuidftLo/kGkmmZgtWCFehvWz2N43wy' $hasher->hash(""); // e.g. '$2y$10$FZQFYFamZjnrUr1XvIdGTevA.iLQNSYvHXrP3LETn67AEGreuYCwe' // hashing password but preserving valid hashes or empty parameters $hasher->filter("secret"); // e.g. '$2a$06$rLxnps2CuGC/9BPCq3ms..7uaWETN6GPiVMXYYGWqdQoMZsDQ/kFG' $hasher->filter('$2a$06$rLxnps2CuGC/9BPCq3ms..7uaWETN6GPiVMXYYGWqdQoMZsDQ/kFG'); // '$2a$06$rLxnps2CuGC/9BPCq3ms..7uaWETN6GPiVMXYYGWqdQoMZsDQ/kFG' $hasher->filter(""); // "" $hasher->filter(null); // null // checking hashes $hasher->isHash($hash); // true $hasher->isHash("something"); // false $hasher->isHash(""); // false // verifying passwords $hasher->verify($password,$hash); // true or false ``` After a successful verification, the legacy hash can be detected and the password re-hashing using the current hashing algorithm can be easily realized. ``` $hash = $user->getPasswordHash(); if($hasher->verify($password,$hash,$is_legacy_hash)){ // the user is verified if($is_legacy_hash){ // transparent password re-hashing using the current hashing algorithm $current_hash = $hasher->hash($password); $user->setPasswordHash($current_hash); } } ``` Installation ------------ [](#installation) The best way how to install PasswordHashingMachine is to use the Composer: ``` composer require yarri/password-hashing-machine ``` License ------- [](#license) PasswordHashingMachine is free software distributed [under the terms of the MIT license](http://www.opensource.org/licenses/mit-license) ### Health Score 28 — LowBetter than 54% of packages Maintenance41 Moderate activity, may be stable Popularity12 Limited adoption so far Community7 Small or concentrated contributor base Maturity45 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1682d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/6304dffbd91d7a978f98632b0e4e30d662dcdb691daadb1388a58984e98faf5c?d=identicon)[yarri](/maintainers/yarri) --- Top Contributors [![yarri](https://avatars.githubusercontent.com/u/974278?v=4)](https://github.com/yarri "yarri (15 commits)") --- Tags hashhashinglegacypasswordpasswordhashinghashpasswordslegacyhasher ### Embed Badge ![Health badge](/badges/yarri-password-hashing-machine/health.svg) ``` [![Health](https://phpackages.com/badges/yarri-password-hashing-machine/health.svg)](https://phpackages.com/packages/yarri-password-hashing-machine) ``` ### Alternatives [ircmaxell/password-compat A compatibility library for the proposed simplified password hashing algorithm: https://wiki.php.net/rfc/password\_hash 2.1k56.8M122](/packages/ircmaxell-password-compat)[symfony/password-hasher Provides password hashing utilities 813137.2M91](/packages/symfony-password-hasher)[passwordlib/passwordlib A Password Hashing Library 377220.6k6](/packages/passwordlib-passwordlib)[lastguest/murmurhash MurmurHash3 Hash 12910.2M52](/packages/lastguest-murmurhash)[paragonie/password_lock Wraps Bcrypt-SHA2 in Authenticated Encryption 19348.7k1](/packages/paragonie-password-lock)[mikemclin/laravel-wp-password Laravel package that checks and creates WordPress password hashes 863.4M2](/packages/mikemclin-laravel-wp-password) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)