How to check if Drupal user password is well hashed

Issue

Drupal login is not recognising a password of a user.

Cause

One possible reason is the password could be store with a wrong hash.

Solution

To verify if the password is store with a valid hash you will need to use a module called drop_the_ripper.

https://www.drupal.org/project/drop_the_ripper

After the module is installed and the code is deploy.

SSH in the server and create a file adding the password of the user you want to test.

For example file:

echo "1234567Aa" > /mnt/tmp/password.txt

To test run the following command in site docroot:

site.env@server-xxxxxx:/var/www/html/site.env/docroot$ drush dtr --uid=[user-id] --wordlist=/mnt/tmp/password.txt

If the drop_the_ripper do not find the password you will see a output like this:

Users to check: 1                                                                                                                                                                                                                  [success]
Ran 5 password checks for 1 user(s) in 0.25 seconds.                                                                                                                                                                               [success]

If drop_the_ripper managed to find it, the output should be something like this

Users to check: 1                                                                                                                                                                                                                  [success]
Match: uid=[id-user] name=[user-email] status=1 password=1234567Aa                                                                                                                                                           [success]
Ran 5 password checks for 1 user(s) in 0.25 seconds.

This way you could verify if the hash is valid.