Index: wp-includes/registration.php
===================================================================
--- wp-includes/registration.php	(revision 15937)
+++ wp-includes/registration.php	(working copy)
@@ -113,7 +113,7 @@
 	} else {
 		$update = false;
 		// Hash the password
-		$user_pass = wp_hash_password($user_pass);
+		$user_pass = wp_hash_password(stripslashes($user_pass));
 	}
 
 	$user_login = sanitize_user($user_login, true);
@@ -267,7 +267,7 @@
 	// If password is changing, hash it now.
 	if ( ! empty($userdata['user_pass']) ) {
 		$plaintext_pass = $userdata['user_pass'];
-		$userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
+		$userdata['user_pass'] = wp_hash_password(stripslashes($userdata['user_pass']));
 	}
 
 	wp_cache_delete($user[ 'user_email' ], 'useremail');
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php	(revision 15937)
+++ wp-includes/pluggable.php	(working copy)
@@ -1459,12 +1459,20 @@
 function wp_check_password($password, $hash, $user_id = '') {
 	global $wp_hasher;
 
-	// If the hash is still md5...
+	/*
+	 * For a long time WordPress did not stripslash() passwords correctly.
+	 * To handle these password hashes we must check against slashed
+	 * passwords and update on match.
+	 */
+	$slashed_password = $password;
+	$password = stripslashes($password);
+
+	// If the hash is still md5 (as well as not stripslashed)
 	if ( strlen($hash) <= 32 ) {
-		$check = ( $hash == md5($password) );
+		$check = ( $hash == md5($slashed_password) );
 		if ( $check && $user_id ) {
 			// Rehash using new hash.
-			wp_set_password($password, $user_id);
+			wp_set_password($slashed_password, $user_id);
 			$hash = wp_hash_password($password);
 		}
 
@@ -1481,6 +1489,15 @@
 
 	$check = $wp_hasher->CheckPassword($password, $hash);
 
+	if ( !$check && $user_id ) {
+		$check = $wp_hasher->CheckPassword($slashed_password, $hash);
+		if ( $check  ) {
+			// Rehash with correct password
+			wp_set_password($slashed_password, $user_id);
+			$hash = wp_hash_password($password);
+		}
+	}
+
 	return apply_filters('check_password', $check, $password, $hash, $user_id);
 }
 endif;
@@ -1576,7 +1593,7 @@
 function wp_set_password( $password, $user_id ) {
 	global $wpdb;
 
-	$hash = wp_hash_password($password);
+	$hash = wp_hash_password(stripslashes($password));
 	$wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
 
 	wp_cache_delete($user_id, 'users');