I am in the process of converting a site from Wordpress to a custom CMS developed in Codeigniter. I was told that Wordpress uses PHPass to hash their passwords, so I am using the PHPass library (as outlined at this site) in an attempt to seamlessly transition the users over without them having to reset or change their passwords.
I have it working fine in my application, but it's not generating the same password hashes as Wordpress uses. I'm assuming it's related to some kind of site key, but I'm not having any luck. How can I make PHPass generate the same password hash?
There are a couple of possibilities. They're either using a different hashing algorithm or they're salting their hashes or some other method of obfuscation. If Wordpress salts their hashes, then you'd have to gain access to their salt table or single salt phrase to alter their hashes -- but I doubt you'll get that. I verified that PHPass does support salting as well as other hash obfuscating methods so one of those is probably the reason why your hashes aren't coming out identical.