Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
A very minimal binding to the core of the bcrypt algorithm, adapted from OpenBSD's implementation. The Global Password Prehash Protocol version G3Pb1 cannot be implemented in terms of standard bcrypt interfaces for several reasons:
- Standard bcrypt hashes are truncated to 23 bytes. The G3P depends on all 24 output bytes.
- Standard bcrypt must specify a number of rounds that is a power of two. The G3P allows any number of rounds between 1 and 2^32 inclusive.
- the G3P needs unimpeded access to the full 72 byte password input. This is not doable with all bcrypt variants.
- Standard bcrypt limits salt length to 16 bytes. The G3P depends on 72 byte salt parameters.
For this reason, this binding completely removes the code for handling unix-style bcrypt hashes, which has repeatedly proven problematic. One of the major design motifs of the G3P is to replace this cruft with PHKDF, which is intended to be bulletproof.
Similarly, this binding cannot be directly used to process unix-style bcrypt hashes, which does make testing a bit of a challenge. However, the core algorithm is unmodified, so implementing unix-style hash handling in terms of this binding is very much possible.
This will be done in the test suite for this library. Hopefully that implementation will eventually migrate here, once it's production-ready, so that this binding might also be used to handle standard bcrypt hashes directly.
Synopsis
Documentation
bcryptRaw :: ByteString -> ByteString -> Word32 -> ByteString Source #
bcryptRaw key salt rounds
Be aware that keys and salts that are longer
than 72 bytes do get truncated to exactly 72 bytes. This binding will
return a hash that is exactly 24 bytes long.
Note the rounds parameter is one less than the number of rounds to be
computed. Thus if you want something equivalent to the traditional bcrypt
cost parameter of 12, you need to specify 4095 rounds. This is because
2^12 - 1 = 4095
.
bcryptRaw_maxInputLength :: Int Source #
Any input longer than 72 bytes will be truncated.
bcryptRaw_outputLength :: Int Source #
Any output hash from bcryptRaw
will be exactly 24 bytes long.