Comeonin.Bcrypt

Module to handle bcrypt authentication.

Bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières. Bcrypt uses a salt to protect against offline attacks. It is also an adaptive function, which means that it can be configured to remain slow and resistant to brute-force attacks even as computational power increases.

This bcrypt implementation is based on the latest OpenBSD version, which fixed a small issue that affected some passwords longer than 72 characters.

Source

Summary

checkpw(password, hash)

Check the password

dummy_checkpw()

Perform a dummy check for a user that does not exist. This always returns false. The reason for implementing this check is in order to make user enumeration by timing responses more difficult

gen_salt()
gen_salt(log_rounds)

Generate a salt for use with the hashpw, hashpass and hashpwsalt functions

hashpass(password, salt)

Hash the password using bcrypt

hashpwsalt(password, log_rounds \\ 12)

Hash the password with a salt which is randomly generated

init()

Functions

checkpw(password, hash)

Check the password.

The check is performed in constant time to avoid timing attacks.

Source
dummy_checkpw()

Perform a dummy check for a user that does not exist. This always returns false. The reason for implementing this check is in order to make user enumeration by timing responses more difficult.

Source
gen_salt()
Source
gen_salt(log_rounds)

Generate a salt for use with the hashpw, hashpass and hashpwsalt functions.

The log_rounds parameter determines the computational complexity of the generation of the salt. Its default is 12, the minimum is 4, and the maximum is 31.

Source
hashpass(password, salt)

Hash the password using bcrypt.

Source
hashpwsalt(password, log_rounds \\ 12)

Hash the password with a salt which is randomly generated.

There is an option to change the log_rounds parameter, which affects the complexity of the generation of the salt.

Source
init()
Source