💾 Archived View for gmi.noulin.net › gitRepositories › bcrypt › file › README.md.gmi captured on 2024-09-29 at 00:24:10. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

bcrypt

Log

Files

Refs

README

LICENSE

README.md (2309B)

     1 # async bcrypt implemented in C
     2 
     3 ## Security Issues/Concerns
     4 
     5 > Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords.
     6 
     7 As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible.
     8 
     9 ## Install
    10 
    11 With SPM (get SPM from [sheepy](https://spartatek.se/r/sheepy/file/README.md.html)):
    12 
    13 ```
    14 spm install bcrypt
    15 ```
    16 
    17 ## Usage
    18 
    19 ### async
    20 
    21 #### To hash password
    22 
    23 ```c
    24 void callback(i64 err, char hash[BCRYPT_HASHSIZE], void *env) {
    25         puts(hash);
    26 }
    27 
    28 bcryptHash("passwd", 12, callback, NULL);
    29 ```
    30 
    31 #### To check password
    32 
    33 ```c
    34 void checkCallback(i64 err, int result, void *callbackEnv) {
    35         if (result) {
    36                 printf("The password matches\n");
    37         } else {
    38                 printf("The password does NOT match\n");
    39         }
    40 }
    41 
    42 char hash[BCRYPT_HASHSIZE];
    43 bcryptCheck("passwd", hash, checkCallback, NULL);
    44 ```
    45 
    46 (you might add __tpoolWait__ at the program end to wait until the jobs in the threadpool are finished)
    47 
    48 ### sync
    49 
    50 ```c
    51 // Hashing a password:
    52 
    53         char salt[BCRYPT_HASHSIZE];
    54         char hash[BCRYPT_HASHSIZE];
    55         int ret;
    56 
    57         ret = bcryptGensaltSync(12, salt);
    58         assert(ret);
    59         ret = bcryptHashSync("thepassword", salt, hash);
    60         assert(ret);
    61 
    62 
    63 // Verifying a password:
    64 
    65         int ret;
    66 
    67       ret = bcryptCheckSync("thepassword", "expectedhash");
    68       assert(ret != -1);
    69 
    70         if (ret) {
    71                 printf("The password matches\n");
    72         } else {
    73                 printf("The password does NOT match\n");
    74         }
    75 ```
    76 
    77 ## A Note on Rounds
    78 
    79 A note about the cost. When you are hashing your data the module will go through a series of rounds to give you a secure hash. The value you submit there is not just the number of rounds that the module will go through to hash your data. The module will use the value you enter and go through `2^rounds` iterations of processing.
    80 
    81 From @garthk, on a 2GHz core you can roughly expect:
    82 
    83     rounds=8 : ~40 hashes/sec
    84     rounds=9 : ~20 hashes/sec
    85     rounds=10: ~10 hashes/sec
    86     rounds=11: ~5  hashes/sec
    87     rounds=12: 2-3 hashes/sec
    88     rounds=13: ~1 sec/hash
    89     rounds=14: ~1.5 sec/hash
    90     rounds=15: ~3 sec/hash
    91     rounds=25: ~1 hour/hash
    92     rounds=31: 2-3 days/hash