Comeonin.Bcrypt

Module to handle bcrypt authentication.

Bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières. Bcrypt uses a salt to protect against offline attacks. It is also an adaptive function, which means that it can be configured to remain slow and resistant to brute-force attacks even as computational power increases.

This bcrypt implementation is based on the latest OpenBSD version, which fixed a small issue that affected some passwords longer than 72 characters.


Summary

bf_encrypt(state)

Encrypt and return the hash

bf_expand(state, key, key_len, salt)

The main key expansion function. This function is called 2^log_rounds times

bf_init(key, key_len, salt)

Initialize the P-box and S-box tables with the digits of Pi, and then start the key expansion process

checkpw(password, hash)

Check the password

dummy_checkpw()

Perform a dummy check for a user that does not exist. This always returns false. The check exists to make user enumeration by timing responses more difficult

gen_salt()
gen_salt(log_rounds)

Generate a salt for use with the hashpass function

hashpass(password, salt)

Hash the password using bcrypt

hashpwsalt(password)

Hash the password with a randomly generated salt

init()

Functions

bf_encrypt(state)

Encrypt and return the hash.

bf_expand(state, key, key_len, salt)

The main key expansion function. This function is called 2^log_rounds times.

bf_init(key, key_len, salt)

Initialize the P-box and S-box tables with the digits of Pi, and then start the key expansion process.

checkpw(password, hash)

Check the password.

The check is performed in constant time to avoid timing attacks.

dummy_checkpw()

Perform a dummy check for a user that does not exist. This always returns false. The check exists to make user enumeration by timing responses more difficult: a login attempt for an unknown user takes roughly as long as one with a wrong password.

gen_salt()
gen_salt(log_rounds)

Generate a salt for use with the hashpass function.

The log_rounds parameter determines the computational complexity of the generation of the password hash. Its default is 12, the minimum is 4, and the maximum is 31.

hashpass(password, salt)

Hash the password using bcrypt.

hashpwsalt(password)

Hash the password with a randomly generated salt.

To change the complexity (and the time taken) of the password hash calculation, you need to change the value for bcrypt_log_rounds in the config file.
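The following is an added example, not part of the Comeonin library, showing how hashpwsalt, gen_salt/hashpass, checkpw and dummy_checkpw fit together in a login flow. The MyApp.Auth module, its in-memory user map and the config file location are assumptions; only the function names and the bcrypt_log_rounds key come from this page.

```elixir
# config/config.exs (assumed path; the key name bcrypt_log_rounds is from the docs):
#   config :comeonin, bcrypt_log_rounds: 12

defmodule MyApp.Auth do
  @moduledoc "Hypothetical login module built on Comeonin.Bcrypt (example only)."

  alias Comeonin.Bcrypt

  # Register with a random salt; the work factor comes from bcrypt_log_rounds
  # in the application config. `users` is a constructed map of
  # username => %{password_hash: hash}.
  def register(users, username, password) do
    Map.put(users, username, %{password_hash: Bcrypt.hashpwsalt(password)})
  end

  # Same thing with an explicit work factor: gen_salt/1 accepts log_rounds
  # between 4 and 31 (default 12), and hashpass/2 hashes with that salt.
  def register(users, username, password, log_rounds) do
    salt = Bcrypt.gen_salt(log_rounds)
    Map.put(users, username, %{password_hash: Bcrypt.hashpass(password, salt)})
  end

  # Verify a login attempt. checkpw/2 compares in constant time. When the
  # user does not exist we still run dummy_checkpw/0, so an unknown account
  # costs about as much time as a wrong password and the response time does
  # not reveal which usernames exist. Both failure branches return the same
  # value for the same reason.
  def login(users, username, password) do
    case Map.fetch(users, username) do
      {:ok, %{password_hash: hash}} ->
        if Bcrypt.checkpw(password, hash), do: {:ok, username}, else: {:error, :invalid}

      :error ->
        Bcrypt.dummy_checkpw()
        {:error, :invalid}
    end
  end
end

# Usage, e.g. in iex (sample values are constructed):
#   users = MyApp.Auth.register(%{}, "alice", "correct horse battery staple")
#   users = MyApp.Auth.register(users, "bob", "hunter2", 14)
#   MyApp.Auth.login(users, "alice", "correct horse battery staple") # {:ok, "alice"}
#   MyApp.Auth.login(users, "alice", "wrong")                        # {:error, :invalid}
#   MyApp.Auth.login(users, "nobody", "wrong")                       # {:error, :invalid}
```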

init()