Class BCrypt

java.lang.Object
net.sf.basedb.util.bcrypt.BCrypt

public class BCrypt extends Object
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.

Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:

String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());

To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:

if (BCrypt.checkpw(candidate_password, stored_hash))
    System.out.println("It matches");
else
    System.out.println("It does not match");

The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)

The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.

Version:
0.2
Author:
Damien Miller
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    private static final char[]
     
    private static final int
     
    private static final int[]
     
    private static final int
     
    private static final int
     
    private static final byte[]
     
    private int[]
     
    private static final int[]
     
    private int[]
     
    private static final int[]
     
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    private static byte
    char64(char x)
    Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
    static boolean
    checkpw(String plaintext, String hashed)
    Check that a plaintext password matches a previously hashed one
    byte[]
    crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)
    Perform the central password hashing step in the bcrypt scheme
    private static byte[]
    decode_base64(String s, int maxolen)
    Decode a string encoded using bcrypt's base64 scheme to a byte array.
    private void
    ekskey(byte[] data, byte[] key)
    Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
    private final void
    encipher(int[] lr, int off)
    Blowfish encipher a single 64-bit block encoded as two 32-bit halves
    private static String
    encode_base64(byte[] d, int len)
    Encode a byte array using bcrypt's slightly-modified base64 encoding scheme.
    static String
    Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
    static String
    gensalt(int log_rounds)
    Generate a salt for use with the BCrypt.hashpw() method
    static String
    gensalt(int log_rounds, SecureRandom random)
    Generate a salt for use with the BCrypt.hashpw() method
    static String
    hashpw(String password, String salt)
    Hash a password using the OpenBSD bcrypt scheme
    private void
    Initialise the Blowfish key schedule
    private void
    key(byte[] key)
    Key the Blowfish cipher
    private static int
    streamtoword(byte[] data, int[] offp)
    Cycically extract a word of key material

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • GENSALT_DEFAULT_LOG2_ROUNDS

      private static final int GENSALT_DEFAULT_LOG2_ROUNDS
      See Also:
    • BCRYPT_SALT_LEN

      private static final int BCRYPT_SALT_LEN
      See Also:
    • BLOWFISH_NUM_ROUNDS

      private static final int BLOWFISH_NUM_ROUNDS
      See Also:
    • P_orig

      private static final int[] P_orig
    • S_orig

      private static final int[] S_orig
    • bf_crypt_ciphertext

      private static final int[] bf_crypt_ciphertext
    • base64_code

      private static final char[] base64_code
    • index_64

      private static final byte[] index_64
    • P

      private int[] P
    • S

      private int[] S
  • Constructor Details

    • BCrypt

      public BCrypt()
  • Method Details

    • encode_base64

      private static String encode_base64(byte[] d, int len) throws IllegalArgumentException
      Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note that this is *not* compatible with the standard MIME-base64 encoding.
      Parameters:
      d - the byte array to encode
      len - the number of bytes to encode
      Returns:
      base64-encoded string
      Throws:
      IllegalArgumentException - if the length is invalid
    • char64

      private static byte char64(char x)
      Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
      Parameters:
      x - the base64-encoded value
      Returns:
      the decoded value of x
    • decode_base64

      private static byte[] decode_base64(String s, int maxolen) throws IllegalArgumentException
      Decode a string encoded using bcrypt's base64 scheme to a byte array. Note that this is *not* compatible with the standard MIME-base64 encoding.
      Parameters:
      s - the string to decode
      maxolen - the maximum number of bytes to decode
      Returns:
      an array containing the decoded bytes
      Throws:
      IllegalArgumentException - if maxolen is invalid
    • encipher

      private final void encipher(int[] lr, int off)
      Blowfish encipher a single 64-bit block encoded as two 32-bit halves
      Parameters:
      lr - an array containing the two 32-bit half blocks
      off - the position in the array of the blocks
    • streamtoword

      private static int streamtoword(byte[] data, int[] offp)
      Cycically extract a word of key material
      Parameters:
      data - the string to extract the data from
      offp - a "pointer" (as a one-entry array) to the current offset into data
      Returns:
      the next word of material from data
    • init_key

      private void init_key()
      Initialise the Blowfish key schedule
    • key

      private void key(byte[] key)
      Key the Blowfish cipher
      Parameters:
      key - an array containing the key
    • ekskey

      private void ekskey(byte[] data, byte[] key)
      Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
      Parameters:
      data - salt information
      key - password information
    • crypt_raw

      public byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)
      Perform the central password hashing step in the bcrypt scheme
      Parameters:
      password - the password to hash
      salt - the binary salt to hash with the password
      log_rounds - the binary logarithm of the number of rounds of hashing to apply
      cdata - the plaintext to encrypt
      Returns:
      an array containing the binary hashed password
    • hashpw

      public static String hashpw(String password, String salt)
      Hash a password using the OpenBSD bcrypt scheme
      Parameters:
      password - the password to hash
      salt - the salt to hash with (perhaps generated using BCrypt.gensalt)
      Returns:
      the hashed password
    • gensalt

      public static String gensalt(int log_rounds, SecureRandom random)
      Generate a salt for use with the BCrypt.hashpw() method
      Parameters:
      log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
      random - an instance of SecureRandom to use
      Returns:
      an encoded salt value
    • gensalt

      public static String gensalt(int log_rounds)
      Generate a salt for use with the BCrypt.hashpw() method
      Parameters:
      log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
      Returns:
      an encoded salt value
    • gensalt

      public static String gensalt()
      Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
      Returns:
      an encoded salt value
    • checkpw

      public static boolean checkpw(String plaintext, String hashed)
      Check that a plaintext password matches a previously hashed one
      Parameters:
      plaintext - the plaintext password to verify
      hashed - the previously-hashed password
      Returns:
      true if the passwords match, false otherwise