💾 Archived View for gmi.noulin.net › markdown › bcrypt_README.md captured on 2023-07-10 at 18:17:37.

View Raw

More Information

-=-=-=-=-=-=-

# async bcrypt implemented in C

## Security Issues/Concerns

> Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords.

As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible.

## Install

With SPM (get SPM from [sheepy](https://spartatek.se/r/sheepy/file/README.md.html)):

spm install bcrypt

## Usage

### async

#### To hash password

void callback(i64 err, char hash[BCRYPT_HASHSIZE], void *env) {

puts(hash);

}

bcryptHash("passwd", 12, callback, NULL);

#### To check password

void checkCallback(i64 err, int result, void *callbackEnv) {

if (result) {

printf("The password matches\n");

} else {

printf("The password does NOT match\n");

}

}

char hash[BCRYPT_HASHSIZE];

bcryptCheck("passwd", hash, checkCallback, NULL);

(you might add __tpoolWait__ at the program end to wait until the jobs in the threadpool are finished)

### sync

// Hashing a password:

char salt[BCRYPT_HASHSIZE];

char hash[BCRYPT_HASHSIZE];

int ret;

ret = bcryptGensaltSync(12, salt);

assert(ret);

ret = bcryptHashSync("thepassword", salt, hash);

assert(ret);

// Verifying a password:

int ret;

ret = bcryptCheckSync("thepassword", "expectedhash");

assert(ret != -1);

if (ret) {

printf("The password matches\n");

} else {

printf("The password does NOT match\n");

}

## A Note on Rounds

A note about the cost. When you are hashing your data the module will go through a series of rounds to give you a secure hash. The value you submit there is not just the number of rounds that the module will go through to hash your data. The module will use the value you enter and go through `2^rounds` iterations of processing.

From @garthk, on a 2GHz core you can roughly expect:

    rounds=8 : ~40 hashes/sec
    rounds=9 : ~20 hashes/sec
    rounds=10: ~10 hashes/sec
    rounds=11: ~5  hashes/sec
    rounds=12: 2-3 hashes/sec
    rounds=13: ~1 sec/hash
    rounds=14: ~1.5 sec/hash
    rounds=15: ~3 sec/hash
    rounds=25: ~1 hour/hash
    rounds=31: 2-3 days/hash