Wordpress v6.8 Bcrypt - hmac-sha384

cyclone

As announced on February 17, 2025, Wordpress is switching their hash function to their own rolled version of bcrypt:
bcrypt(base64(hmac-sha384(key="wp-sha384", password)))

How the WordPress custom bcrypt works:

• Prehash: h = HMAC-SHA384(key="wp-sha384", msg=password)
• Encode: b = base64(h)
• Bcrypt: bcrypt(b, salt, cost) stored with the $wp$2y$ prefix

Example hash:plain
$wp$2y$10$607XKVrBjPEqujeOXNwbYuOJ.gPMd2TelMMknmeV70Kap1E81Ovo6:hashpwn

Wordpress Announcement:
https://make.wordpress.org/core/2025/02/17/wordpress-6-8-will-use-bcrypt-for-password-hashing/

---

If you need to generate a test hash or hash:plain, hashgen v1.2.0-dev supports this algo: hashgen -m wpbcrypt
https://github.com/cyclone-github/hashgen

---

Thanks to @penguinkeeper's PR, hashcat 7.x now supports this algo as -m 35500:
https://github.com/hashcat/hashcat/pull/4512

echo hashpwn | ./hashcat -m 35500 -a 0 --potfile-disable '$wp$2y$10$607XKVrBjPEqujeOXNwbYuOJ.gPMd2TelMMknmeV70Kap1E81Ovo6'

---

For those not running the latest hashcat beta, you can also crack these with the Rust bridge.

Hashcat wpbcrypt bridge conversion script:

# convert $wp$... hashes to hashcat bridge format
./wp2hashcat.py < wp_hash.txt

wp2hashcat.py

#!/usr/bin/env python3
import sys

for line in sys.stdin:
    s = line.strip().removeprefix("$wp$")
    if not s.startswith("$"):
        s = "$" + s
    _, algo, cost, rest = s.split("$", 3)
    print(f"{s}*{cost}*{rest[:22]}")

Example hashcat rust bridge command:

echo hashpwn | ./hashcat -m 74000 -a0 -w3 --session=bridge --potfile-disable \
    '$2y$10$607XKVrBjPEqujeOXNwbYuOJ.gPMd2TelMMknmeV70Kap1E81Ovo6*10*607XKVrBjPEqujeOXNwbYu' \
    --bridge-parameter1 ./bridges/subs/dynamic_hash.so \
    --bridge-parameter2 'bcrypt2y(cost=$s1,salt=$s2,hmac_sha384:b64(key="wp-sha384",$p))'

Starting attack in stdin mode

$2y$10$607XKVrBjPEqujeOXNwbYuOJ.gPMd2TelMMknmeV70Kap1E81Ovo6*10*607XKVrBjPEqujeOXNwbYu:hashpwn
Session..........: bridge
Status...........: Cracked
Hash.Mode........: 74000 (Generic Hash [Bridged: Rust])
Hash.Target......: $2y$10$607XKVrBjPEqujeOXNwbYuOJ.gPMd2TelMMknmeV70Ka...XNwbYu
Time.Started.....: Mon Sep 29 15:10:57 2025 (0 secs)
Time.Estimated...: Mon Sep 29 15:10:57 2025 (0 secs)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Base.......: Pipe
Speed.#*.........:       19 H/s
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 1
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#01..: Salt:0 Amplifier:0-1 Iteration:0-1
Candidate.Engine.: Device Generator
Candidates.#01...: hashpwn -> hashpwn
Hardware.Mon.#01.: Temp: 34c Fan:  0% Util: 25% Core:2625MHz Mem:10251MHz Bus:1
Started: Mon Sep 29 15:10:53 2025
Stopped: Mon Sep 29 15:10:59 2025