Copyright | (c) 2024 Auth Global |
---|---|
License | Apache2 A very minimal binding to the core of the bcrypt algorithm, adapted from OpenBSD's implementation. The Global Password Prehash Protocol version G3Pb1 cannot be implemented in terms of standard bcrypt interfaces for several reasons: 1. Standard bcrypt hashes are truncated to 23 bytes. The G3P depends on all 24 output bytes. 2. Standard bcrypt must specify a number of rounds that is a power of two. The G3P allows any number of rounds between 1 and 2^32 inclusive. 3. the G3P needs unimpeded access to the full 72 byte password input. This is not doable with all bcrypt variants. 4. Standard bcrypt limits salt length to 16 bytes. Version 1 of the G3P depends on 72 byte salt parameters, and Version 2 depends on 4168 byte salts. 5. In addition to the standard salt parameter, Version 2 of the G3P depends on two additional 4168 byte salt parameters which are assumed to be filled with null bytes by standard bcrypt. 6. G3Pb2 also implements a counter at the start of the excess salt For this reason, this binding completely removes the code for handling unix-style bcrypt hashes, which has repeatedly proven problematic. One of the major design motifs of the G3P is to replace this cruft with PHKDF, which is intended to be bulletproof. Note that this binding doesn't (currently?) support the @2a@ and @2x@ variants. On the other hand, at least the 2a variant depends on overflow, which as undefined behavior in C is allowed to compile to whatever it wants... so there might be multiple variants of the @2a@ "variant" of bcrypt floating around out there, depending on particular C implementations and possibly even specific to architectures, compiler flags, and versions |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Crypto.G3P.BCrypt
Description
Synopsis
- bcrypt :: ByteString -> ByteString -> Maybe ByteString
- bcrypt_saltLength :: Int
- bcrypt_maxPasswordLength :: Int
- bcrypt_formatSaltString :: Char -> Word8 -> ByteString -> ByteString -> Maybe ByteString
- bcrypt_parseSaltString :: ByteString -> Maybe (Char, Word8, ByteString, ByteString)
- bcrypt_outputLength :: Int
- bcryptRaw :: ByteString -> ByteString -> Word32 -> ByteString
- bcryptRaw_maxInputLength :: Int
- bcryptRaw_outputLength :: Int
- bcryptXsFree :: forall f a. Foldable f => (a -> ByteString) -> ByteString -> f a -> ByteString -> f a -> ByteString -> Word32 -> HmacKeyPrefixed -> (Int, HmacKeyPrefixed)
Documentation
Arguments
:: ByteString | password |
-> ByteString | unix-style salt string |
-> Maybe ByteString | unix-style password hash string |
OpenBSD-compatible bcrypt
bcrypt_formatSaltString Source #
Arguments
:: Char | Variant, must be |
-> Word8 | Cost factor, must be between 4 and 31 inclusive |
-> ByteString | Binary salt, must be 16 bytes long |
-> ByteString | Binary hash, must be 0 or 23 bytes long |
-> Maybe ByteString |
produce a standard salt string for bcrypt, with or without a password hash.
bcrypt_parseSaltString :: ByteString -> Maybe (Char, Word8, ByteString, ByteString) Source #
Given a salt string (e.g. "$2b$12$...
") in the OpenBSD format,
returns (variant, work cost, binary salt, binary hash). The only supported
variant is currently 'b'
. The cost must be between 4 and 31, and the
input string must be either 29 or 60 bytes long, depending on whether the
salt string includes a password hash.
bcryptRaw :: ByteString -> ByteString -> Word32 -> ByteString Source #
bcryptRaw key salt rounds
Be aware that keys and salts that are longer
than 72 bytes do get truncated to exactly 72 bytes. This binding will
return a hash that is exactly 24 bytes long.
Note the rounds parameter is one less than the number of rounds to be
computed. Thus if you want something equivalent to the traditional bcrypt
cost parameter of 12, you need to specify 4095 rounds. This is because
2^12 - 1 = 4095
.
bcryptRaw_maxInputLength :: Int Source #
Any input longer than 72 bytes will be truncated.
bcryptRaw_outputLength :: Int Source #
Any output hash from bcryptRaw
will be exactly 24 bytes long.
bcryptXsFree :: forall f a. Foldable f => (a -> ByteString) -> ByteString -> f a -> ByteString -> f a -> ByteString -> Word32 -> HmacKeyPrefixed -> (Int, HmacKeyPrefixed) Source #