Comeonin.Bcrypt
Module to handle bcrypt authentication.
Bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières. Bcrypt uses a salt to protect against offline attacks. It is also an adaptive function, which means that it can be configured to remain slow and resistant to brute-force attacks even as computational power increases.
This bcrypt implementation is based on the latest OpenBSD version, which fixed a small issue that affected some passwords longer than 72 characters.
Summary
| Function | Description |
| --- | --- |
| checkpw(password, hash) | Check the password |
| dummy_checkpw() | Perform a dummy check for a user that does not exist. This always returns false. The reason for implementing this check is in order to make user enumeration by timing responses more difficult |
| gen_salt() | Generate a salt for use with the hashpw, hashpass and hashpwsalt functions |
| gen_salt(log_rounds) | Generate a salt for use with the hashpw, hashpass and hashpwsalt functions |
| hashpass(password, salt) | Hash the password using bcrypt |
| hashpwsalt(password) | Hash the password with a salt which is randomly generated |
| init() | |
Functions

checkpw(password, hash)
Check the password.
The check is performed in constant time to avoid timing attacks.

dummy_checkpw()
Perform a dummy check for a user that does not exist. This always returns false. The reason for implementing this check is in order to make user enumeration by timing responses more difficult.

gen_salt(log_rounds)
Generate a salt for use with the hashpw, hashpass and hashpwsalt functions.
The log_rounds parameter determines the computational complexity of the hashing. Its default is 12, the minimum is 4, and the maximum is 31. If less than 4 is input, 4 will be used, and if more than 31 is input, 31 will be used.

hashpass(password, salt)
Hash the password using bcrypt.

hashpwsalt(password)
Hash the password with a salt which is randomly generated.
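The following is an added example (not code from the Comeonin project) showing how the gen_salt, hashpass, checkpw and dummy_checkpw functions documented above fit together in a login flow that does not leak, through response time, whether a username exists. The `Accounts.Auth` module name and the in-memory `users` map are assumptions standing in for a real application and its user repository.

```elixir
defmodule Accounts.Auth do
  # Added example, not part of the Comeonin documentation. The `users` map
  # passed to authenticate/3 is a constructed stand-in for a real repository.
  alias Comeonin.Bcrypt

  # Work factor: 2^12 rounds, the library default. Raise it as hardware gets
  # faster; the cost is paid once per registration and once per login attempt.
  @log_rounds 12

  @doc "Hash a new password with a freshly generated random salt."
  def hash_password(password) when is_binary(password) do
    # gen_salt/1 clamps log_rounds to the documented 4..31 range.
    salt = Bcrypt.gen_salt(@log_rounds)
    Bcrypt.hashpass(password, salt)
  end

  @doc """
  Verify a login attempt. Returns {:ok, username} or {:error, :invalid}.

  When the username is unknown, dummy_checkpw/0 still performs a full bcrypt
  computation, so the failure reply costs about the same as a wrong password
  for an existing user. Skipping that call would make unknown usernames
  answer noticeably faster, which is exactly the timing signal enumeration
  relies on.
  """
  def authenticate(users, username, password) do
    case Map.fetch(users, username) do
      {:ok, stored_hash} ->
        # checkpw/2 compares in constant time and returns a boolean.
        if Bcrypt.checkpw(password, stored_hash),
          do: {:ok, username},
          else: {:error, :invalid}

      :error ->
        # Always returns false; it is called for its cost, not its result.
        Bcrypt.dummy_checkpw()
        {:error, :invalid}
    end
  end

  @doc "Build a constructed sample user store for trying the functions above."
  def sample_users do
    %{"alice" => hash_password("correct horse battery staple")}
  end
end

# Usage (both failing calls below take roughly the same time):
#   users = Accounts.Auth.sample_users()
#   Accounts.Auth.authenticate(users, "alice", "correct horse battery staple")
#   Accounts.Auth.authenticate(users, "alice", "wrong password")
#   Accounts.Auth.authenticate(users, "mallory", "anything")
```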