int main() { clock_t before; clock_t after; char salt[BCRYPT_HASHSIZE]; char hash[BCRYPT_HASHSIZE]; const char pass[] = "hi,mom"; const char hash1[] = "$2a$10$VEVmGHy4F4XQMJ3eOZJAUeb.MedU0W10pTPCuf53eHdKJPiSE8sMK"; const char hash2[] = "$2a$10$3F0BVk5t8/aoS.3ddaB3l.fxg5qvafQ9NybxcpXLzMeAt.nVWn.NO"; assert(bcrypt_gensalt(12, salt) == 0); printf("Generated salt: %s\n", salt); before = clock(); assert(bcrypt_hashpw("testtesttest", salt, hash) == 0); after = clock(); printf("Hashed password: %s\n", hash); printf("Time taken: %f seconds\n", (float)(after - before) / CLOCKS_PER_SEC); assert(bcrypt_hashpw(pass, hash1, hash) == 0); printf("First hash check: %s\n", (strcmp(hash1, hash) == 0)?"OK":"FAIL"); assert(bcrypt_hashpw(pass, hash2, hash) == 0); printf("Second hash check: %s\n", (strcmp(hash2, hash) == 0)?"OK":"FAIL"); return 0; }
void textadventure::bcrypt::performHash( uvpp::Loop& loop, std::string plaintext, std::string salt, std::function<void (std::string)> callback ) { loop.doWork( [plaintext, salt]() { auto hash = new char[BCRYPT_HASHSIZE]; char csalt[BCRYPT_HASHSIZE]; auto csaltLength = salt.copy(csalt, salt.length(), 0); csalt[csaltLength] = '\0'; auto cplaintext = plaintext.c_str(); bcrypt_hashpw(cplaintext, csalt, hash); auto str = new std::string(hash); delete hash; return str; }, [callback](void* result) { auto str = std::unique_ptr<std::string>( reinterpret_cast<std::string*>(result) ); callback(*str); } ); }
int store_password(char *password, FILE *output) { if (NULL != output) { char salt[BCRYPT_HASHSIZE]; char hash[BCRYPT_HASHSIZE]; bcrypt_gensalt(12, salt); bcrypt_hashpw(password, salt, hash); output_to_stream(hash, output); // unsigned char hash[crypto_hash_BYTES]; // // Invoke NaCl hash function (based on sha512) to hash the pw securely // crypto_hash(hash, (unsigned char *) password, strlen(password)); // // // Determine how long the hashed version is // // and how long the base 64 version will be // size_t hash_length = strlen((char *) hash); // int encoded_length = Base64encode_len(hash_length); // // // Allocate a buffer large enough for the Base 64 version of the hash // char *encoded_hash = (char *) calloc(encoded_length, sizeof(char)); // Base64encode(encoded_hash, (char *) hash, hash_length); // // output_to_stream(encoded_hash, output); return 0; } return 1; }
/* * This function expects a password and a hash to verify the password against. * The internal implementation is tuned to avoid timing attacks. * * The return value will be -1 in case of errors, zero if the provided password * matches the given hash and greater than zero if no errors are found and the * passwords don't match. * */ int bcrypt_checkpw(const char *passwd, const char hash[BCRYPT_HASHSIZE]) { int ret; char outhash[BCRYPT_HASHSIZE]; ret = bcrypt_hashpw(passwd, hash, outhash); if (ret != 0) return -1; return timing_safe_strcmp(hash, outhash); }
static int bcrypt_encrypt( const struct berval *scheme, const struct berval *passwd, struct berval *msg, const char **text) { char salt[BCRYPT_HASHSIZE] = {0}; char hash[BCRYPT_HASHSIZE] = {0}; int rc; int i = 0; rc = bcrypt_gensalt(BCRYPT_ITERATION, salt); #ifdef SLAPD_BCRYPT_DEBUG printf("DEBUG bcrypt_encrypt()\n"); if(rc != 0) { printf("bcrypt_gensalt error %d\n", rc); } else { printf("bcrypt_gensalt OK %d\n", rc); } printf("Salt: "); for(; i < BCRYPT_HASHSIZE; i++) { printf("%c", salt[i]); } printf("\n"); #endif if(rc != 0) return LUTIL_PASSWD_ERR; rc = bcrypt_hashpw(passwd->bv_val, salt, hash); #ifdef SLAPD_BCRYPT_DEBUG if(rc != 0) { printf("bcrypt_hashpw error %d\n", rc); } else { printf("bcrypt_hashpw OK %d\n", rc); } #endif if(rc != 0) return LUTIL_PASSWD_ERR; msg->bv_len = asprintf(&msg->bv_val, "%s%s", scheme->bv_val, hash); #ifdef SLAPD_BCRYPT_DEBUG printf("bcrypt_encrypt() result: "); printf("%s%s\n", scheme->bv_val, hash); #endif if(msg->bv_len < 0){ return LUTIL_PASSWD_ERR; } return LUTIL_PASSWD_OK; }
int main(int argc, char *argv[]) { char salt[BCRYPT_HASHSIZE]; char hash[BCRYPT_HASHSIZE]; int log_rounds = 12; if (argc != 2 && argc != 3) { fprintf(stderr, "usage: %s <plaintext> [<rounds>|<hash>]\n", argv[0]); exit(EXIT_FAILURE); } if (argc == 2 || sscanf(argv[2], "%d", &log_rounds) == 1) { bcrypt_gensalt(log_rounds, salt); bcrypt_hashpw(argv[1], salt, hash); printf("%s\n", hash); } else { bcrypt_hashpw(argv[1], argv[2], hash); printf("Expected: %s\n", argv[2]); printf(" Actual: %s\n", hash); if (strcmp(argv[2], hash) == 0) { printf("The password matches\n"); } else { printf("The password does NOT match\n"); } } return 0; }
CSString CBCrypt::HashBCrypt(const char* password, int iPrefixCode, int iCost) // static { char salt[BCRYPT_HASHSIZE]; char hash[BCRYPT_HASHSIZE]; const char *pcPrefix; switch (iPrefixCode) { default: case 0: pcPrefix = "$2a$"; break; case 1: pcPrefix = "$2b$"; break; case 2: pcPrefix = "$2y$"; break; case 3: pcPrefix = "$1$"; break; case 4: pcPrefix = "_"; break; } if (bcrypt_gensalt(pcPrefix, iCost, salt) != 0) return CSString(); if (bcrypt_hashpw(password, salt, hash) != 0) return CSString(); return CSString(hash); }
static int bcrypt_check( const struct berval *scheme, const struct berval *passwd, const struct berval *cred, const char **text) { int rc; int i = 0; #ifdef SLAPD_BCRYPT_DEBUG printf("DEBUG bcrypt_check()\n"); printf(" Stored Value:\t%s\n", passwd->bv_val); printf(" Input Cred:\t%s\n", cred->bv_val); #endif char hash[BCRYPT_HASHSIZE] = {0}; rc = bcrypt_hashpw(cred->bv_val, passwd->bv_val, hash); #ifdef SLAPD_BCRYPT_DEBUG if(rc != 0) { printf("bcrypt_hashpw error %d\n", rc); } else { printf("bcrypt_hashpw OK %d\n", rc); } #endif if(rc != 0) return LUTIL_PASSWD_ERR; #ifdef SLAPD_BCRYPT_DEBUG printf(" Hash:\t%s\n", hash); #endif if (strcmp(passwd->bv_val, hash) == 0) { return LUTIL_PASSWD_OK; } else { return LUTIL_PASSWD_ERR; } }