g3p-hash-2.0.0.0: Global Password Prehash Protocol
Copyright(c) 2024 Auth Global
LicenseApache2 A very minimal binding to the core of the bcrypt algorithm, adapted from OpenBSD's implementation. The Global Password Prehash Protocol version G3Pb1 cannot be implemented in terms of standard bcrypt interfaces for several reasons: 1. Standard bcrypt hashes are truncated to 23 bytes. The G3P depends on all 24 output bytes. 2. Standard bcrypt must specify a number of rounds that is a power of two. The G3P allows any number of rounds between 1 and 2^32 inclusive. 3. the G3P needs unimpeded access to the full 72 byte password input. This is not doable with all bcrypt variants. 4. Standard bcrypt limits salt length to 16 bytes. Version 1 of the G3P depends on 72 byte salt parameters, and Version 2 depends on 4168 byte salts. 5. In addition to the standard salt parameter, Version 2 of the G3P depends on two additional 4168 byte salt parameters which are assumed to be filled with null bytes by standard bcrypt. 6. G3Pb2 also implements a counter at the start of the excess salt For this reason, this binding completely removes the code for handling unix-style bcrypt hashes, which has repeatedly proven problematic. One of the major design motifs of the G3P is to replace this cruft with PHKDF, which is intended to be bulletproof. Note that this binding doesn't (currently?) support the @2a@ and @2x@ variants. On the other hand, at least the 2a variant depends on overflow, which as undefined behavior in C is allowed to compile to whatever it wants... so there might be multiple variants of the @2a@ "variant" of bcrypt floating around out there, depending on particular C implementations and possibly even specific to architectures, compiler flags, and versions
Safe HaskellSafe-Inferred
LanguageHaskell2010

Crypto.G3P.BCrypt

Description

 
Synopsis

Documentation

bcrypt Source #

Arguments

:: ByteString

password

-> ByteString

unix-style salt string

-> Maybe ByteString

unix-style password hash string

OpenBSD-compatible bcrypt

bcrypt_saltLength :: Int Source #

bcrypt_maxPasswordLength :: Int Source #

bcrypt_formatSaltString Source #

Arguments

:: Char

Variant, must be 'b' for now

-> Word8

Cost factor, must be between 4 and 31 inclusive

-> ByteString

Binary salt, must be 16 bytes long

-> ByteString

Binary hash, must be 0 or 23 bytes long

-> Maybe ByteString 

produce a standard salt string for bcrypt, with or without a password hash.

bcrypt_parseSaltString :: ByteString -> Maybe (Char, Word8, ByteString, ByteString) Source #

Given a salt string (e.g. "$2b$12$...") in the OpenBSD format, returns (variant, work cost, binary salt, binary hash). The only supported variant is currently 'b'. The cost must be between 4 and 31, and the input string must be either 29 or 60 bytes long, depending on whether the salt string includes a password hash.

bcrypt_outputLength :: Int Source #

bcryptRaw :: ByteString -> ByteString -> Word32 -> ByteString Source #

bcryptRaw key salt rounds Be aware that keys and salts that are longer than 72 bytes do get truncated to exactly 72 bytes. This binding will return a hash that is exactly 24 bytes long.

Note the rounds parameter is one less than the number of rounds to be computed. Thus if you want something equivalent to the traditional bcrypt cost parameter of 12, you need to specify 4095 rounds. This is because 2^12 - 1 = 4095.

bcryptRaw_maxInputLength :: Int Source #

Any input longer than 72 bytes will be truncated.

bcryptRaw_outputLength :: Int Source #

Any output hash from bcryptRaw will be exactly 24 bytes long.

bcryptXsFree :: forall f a. Foldable f => (a -> ByteString) -> ByteString -> f a -> ByteString -> f a -> ByteString -> Word32 -> HmacKeyPrefixed -> (Int, HmacKeyPrefixed) Source #