bcrypt

bcrypt with a threadpool
git clone https://noulin.net/git/bcrypt.git
Log | Files | Refs | README | LICENSE

README.md (2309B)

      1 # async bcrypt implemented in C
      2 
      3 ## Security Issues/Concerns
      4 
      5 > Per bcrypt implementation, only the first 72 characters of a string are used. Any extra characters are ignored when matching passwords.
      6 
      7 As should be the case with any security tool, this library should be scrutinized by anyone using it. If you find or suspect an issue with the code- please bring it to my attention and I'll spend some time trying to make sure that this tool is as secure as possible.
      8 
      9 ## Install
     10 
     11 With SPM (get SPM from [sheepy](https://spartatek.se/r/sheepy/file/README.md.html)):
     12 
     13 ```
     14 spm install bcrypt
     15 ```
     16 
     17 ## Usage
     18 
     19 ### async
     20 
     21 #### To hash password
     22 
     23 ```c
     24 void callback(i64 err, char hash[BCRYPT_HASHSIZE], void *env) {
     25 	puts(hash);
     26 }
     27 
     28 bcryptHash("passwd", 12, callback, NULL);
     29 ```
     30 
     31 #### To check password
     32 
     33 ```c
     34 void checkCallback(i64 err, int result, void *callbackEnv) {
     35 	if (result) {
     36 		printf("The password matches\n");
     37 	} else {
     38 		printf("The password does NOT match\n");
     39 	}
     40 }
     41 
     42 char hash[BCRYPT_HASHSIZE];
     43 bcryptCheck("passwd", hash, checkCallback, NULL);
     44 ```
     45 
     46 (you might add __tpoolWait__ at the program end to wait until the jobs in the threadpool are finished)
     47 
     48 ### sync
     49 
     50 ```c
     51 // Hashing a password:
     52 
     53 	char salt[BCRYPT_HASHSIZE];
     54 	char hash[BCRYPT_HASHSIZE];
     55 	int ret;
     56 
     57 	ret = bcryptGensaltSync(12, salt);
     58 	assert(ret);
     59 	ret = bcryptHashSync("thepassword", salt, hash);
     60 	assert(ret);
     61 
     62 
     63 // Verifying a password:
     64 
     65 	int ret;
     66 
     67       ret = bcryptCheckSync("thepassword", "expectedhash");
     68       assert(ret != -1);
     69 
     70 	if (ret) {
     71 		printf("The password matches\n");
     72 	} else {
     73 		printf("The password does NOT match\n");
     74 	}
     75 ```
     76 
     77 ## A Note on Rounds
     78 
     79 A note about the cost. When you are hashing your data the module will go through a series of rounds to give you a secure hash. The value you submit there is not just the number of rounds that the module will go through to hash your data. The module will use the value you enter and go through `2^rounds` iterations of processing.
     80 
     81 From @garthk, on a 2GHz core you can roughly expect:
     82 
     83     rounds=8 : ~40 hashes/sec
     84     rounds=9 : ~20 hashes/sec
     85     rounds=10: ~10 hashes/sec
     86     rounds=11: ~5  hashes/sec
     87     rounds=12: 2-3 hashes/sec
     88     rounds=13: ~1 sec/hash
     89     rounds=14: ~1.5 sec/hash
     90     rounds=15: ~3 sec/hash
     91     rounds=25: ~1 hour/hash
     92     rounds=31: 2-3 days/hash