💾 Archived View for gmi.noulin.net › gitRepositories › bcrypt › file › README.md.gmi captured on 2023-07-10 at 15:02:55. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
README.md (2309B)
1 # async bcrypt implemented in C
2
3 ## Security Issues/Concerns
4
5 > Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords.
6
7 As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible.
8
9 ## Install
10
11 With SPM (get SPM from [sheepy](https://spartatek.se/r/sheepy/file/README.md.html)):
12
13 ```
14 spm install bcrypt
15 ```
16
17 ## Usage
18
19 ### async
20
21 #### To hash password
22
23 ```c
24 void callback(i64 err, char hash[BCRYPT_HASHSIZE], void *env) {
25 puts(hash);
26 }
27
28 bcryptHash("passwd", 12, callback, NULL);
29 ```
30
31 #### To check password
32
33 ```c
34 void checkCallback(i64 err, int result, void *callbackEnv) {
35 if (result) {
36 printf("The password matches\n");
37 } else {
38 printf("The password does NOT match\n");
39 }
40 }
41
42 char hash[BCRYPT_HASHSIZE];
43 bcryptCheck("passwd", hash, checkCallback, NULL);
44 ```
45
46 (you might add __tpoolWait__ at the program end to wait until the jobs in the threadpool are finished)
47
48 ### sync
49
50 ```c
51 // Hashing a password:
52
53 char salt[BCRYPT_HASHSIZE];
54 char hash[BCRYPT_HASHSIZE];
55 int ret;
56
57 ret = bcryptGensaltSync(12, salt);
58 assert(ret);
59 ret = bcryptHashSync("thepassword", salt, hash);
60 assert(ret);
61
62
63 // Verifying a password:
64
65 int ret;
66
67 ret = bcryptCheckSync("thepassword", "expectedhash");
68 assert(ret != -1);
69
70 if (ret) {
71 printf("The password matches\n");
72 } else {
73 printf("The password does NOT match\n");
74 }
75 ```
76
77 ## A Note on Rounds
78
79 A note about the cost. When you are hashing your data the module will go through a series of rounds to give you a secure hash. The value you submit there is not just the number of rounds that the module will go through to hash your data. The module will use the value you enter and go through `2^rounds` iterations of processing.
80
81 From @garthk, on a 2GHz core you can roughly expect:
82
83 rounds=8 : ~40 hashes/sec
84 rounds=9 : ~20 hashes/sec
85 rounds=10: ~10 hashes/sec
86 rounds=11: ~5 hashes/sec
87 rounds=12: 2-3 hashes/sec
88 rounds=13: ~1 sec/hash
89 rounds=14: ~1.5 sec/hash
90 rounds=15: ~3 sec/hash
91 rounds=25: ~1 hour/hash
92 rounds=31: 2-3 days/hash