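/*
 * Verify a password against the bcrypt hash stored in PASSWORD_FILE.
 *
 * password: candidate password as a NUL-terminated string; read only.
 *
 * Returns 0 if the password matches the stored hash, 1 if PASSWORD_FILE
 * cannot be opened, and otherwise the non-zero value bcrypt_checkpw()
 * returned for the comparison.
 *
 * NOTE(review): the previous header comment documented -1 as "no match";
 * libbcrypt's bcrypt_checkpw() reports a mismatch as a positive value and
 * reserves -1 for an internal error -- confirm against the bcrypt.h in use.
 * Callers should treat every non-zero result as "not verified" rather than
 * testing for -1 specifically.
 */
int verify_password_from_file(const char *password)
{
    FILE *password_file = fopen(PASSWORD_FILE, "r");
    if (password_file == NULL) {
        return 1;
    }

    /* Zero-filled so the buffer is NUL-terminated even if the read helper
     * stores fewer than BCRYPT_HASHSIZE bytes or stores nothing at all.
     * NOTE(review): read_string_from_file()'s result is not checked; an
     * empty line leaves stored_hash empty, which bcrypt_checkpw() is
     * expected to reject -- confirm. */
    char stored_hash[BCRYPT_HASHSIZE] = {0};
    read_string_from_file(stored_hash, BCRYPT_HASHSIZE, password_file, NULL);
    fclose(password_file);

    /* The stored line is handed to bcrypt_checkpw() unchanged; the earlier
     * manual base64-decode / crypto_verify_32 comparison was superseded by
     * it and has been removed. */
    return bcrypt_checkpw(password, stored_hash);
}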
/* Print the CPU time between two clock() samples, in seconds. */
static void print_elapsed(clock_t start, clock_t stop)
{
    printf("Time taken: %f seconds\n", (double)(stop - start) / CLOCKS_PER_SEC);
}

/*
 * Self-test and micro-benchmark for the bcrypt wrappers: generates a salt,
 * times one fresh hash, checks two known password/hash pairs both by
 * re-hashing with bcrypt_hashpw() and through bcrypt_checkpw(), and reports
 * the time each check took. API failures abort via assert(); a mismatch is
 * only printed, and the process always exits 0.
 */
int main(void)
{
    const char pass[] = "hi,mom";
    /* Two stored hashes (distinct salts) that the checks below expect to
     * correspond to `pass`. */
    const char hash1[] = "$2a$10$VEVmGHy4F4XQMJ3eOZJAUeb.MedU0W10pTPCuf53eHdKJPiSE8sMK";
    const char hash2[] = "$2a$10$3F0BVk5t8/aoS.3ddaB3l.fxg5qvafQ9NybxcpXLzMeAt.nVWn.NO";
    char salt[BCRYPT_HASHSIZE];
    char hash[BCRYPT_HASHSIZE];
    clock_t start;
    clock_t stop;
    int rc;

    rc = bcrypt_gensalt(12, salt);
    assert(rc == 0);
    printf("Generated salt: %s\n", salt);

    start = clock();
    rc = bcrypt_hashpw("testtesttest", salt, hash);
    assert(rc == 0);
    stop = clock();
    printf("Hashed password: %s\n", hash);
    print_elapsed(start, stop);

    /* Re-hashing with the stored hash as the salt argument is expected to
     * reproduce the stored hash byte for byte. */
    rc = bcrypt_hashpw(pass, hash1, hash);
    assert(rc == 0);
    printf("First hash check: %s\n", strcmp(hash1, hash) == 0 ? "OK" : "FAIL");

    rc = bcrypt_hashpw(pass, hash2, hash);
    assert(rc == 0);
    printf("Second hash check: %s\n", strcmp(hash2, hash) == 0 ? "OK" : "FAIL");

    /* The same two checks through the convenience API, each timed on its own. */
    start = clock();
    int first_ok = bcrypt_checkpw(pass, hash1) == 0;
    stop = clock();
    printf("First hash check with bcrypt_checkpw: %s\n", first_ok ? "OK" : "FAIL");
    print_elapsed(start, stop);

    start = clock();
    int second_ok = bcrypt_checkpw(pass, hash2) == 0;
    stop = clock();
    printf("Second hash check with bcrypt_checkpw: %s\n", second_ok ? "OK" : "FAIL");
    print_elapsed(start, stop);

    return 0;
}
// static
// Returns true only when bcrypt_checkpw() reports 0 for `password` against
// the stored bcrypt `hash`; every other return value yields false.
bool CBCrypt::ValidateBCrypt(const char* password, const char* hash)
{
    const int rc = bcrypt_checkpw(password, hash);
    return rc == 0;
}