Package net.sf.basedb.util.bcrypt
Class BCrypt
java.lang.Object
net.sf.basedb.util.bcrypt.BCrypt
public class BCrypt extends Object
BCrypt implements OpenBSD-style Blowfish password hashing using
the scheme described in "A Future-Adaptable Password Scheme" by
Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash))
System.out.println("It matches");
else
System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.
- Version:
- 0.2
- Author:
- Damien Miller
-
Field Summary
Fields Modifier and Type Field Description private static char[]base64_codeprivate static intBCRYPT_SALT_LENprivate static int[]bf_crypt_ciphertextprivate static intBLOWFISH_NUM_ROUNDSprivate static intGENSALT_DEFAULT_LOG2_ROUNDSprivate static byte[]index_64private int[]Pprivate static int[]P_origprivate int[]Sprivate static int[]S_orig -
Constructor Summary
Constructors Constructor Description BCrypt() -
Method Summary
Modifier and Type Method Description private static bytechar64(char x)Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion tablestatic booleancheckpw(String plaintext, String hashed)Check that a plaintext password matches a previously hashed onebyte[]crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)Perform the central password hashing step in the bcrypt schemeprivate static byte[]decode_base64(String s, int maxolen)Decode a string encoded using bcrypt's base64 scheme to a byte array.private voidekskey(byte[] data, byte[] key)Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.psprivate voidencipher(int[] lr, int off)Blowfish encipher a single 64-bit block encoded as two 32-bit halvesprivate static Stringencode_base64(byte[] d, int len)Encode a byte array using bcrypt's slightly-modified base64 encoding scheme.static Stringgensalt()Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to applystatic Stringgensalt(int log_rounds)Generate a salt for use with the BCrypt.hashpw() methodstatic Stringgensalt(int log_rounds, SecureRandom random)Generate a salt for use with the BCrypt.hashpw() methodstatic Stringhashpw(String password, String salt)Hash a password using the OpenBSD bcrypt schemeprivate voidinit_key()Initialise the Blowfish key scheduleprivate voidkey(byte[] key)Key the Blowfish cipherprivate static intstreamtoword(byte[] data, int[] offp)Cycically extract a word of key material
-
Field Details
-
GENSALT_DEFAULT_LOG2_ROUNDS
private static final int GENSALT_DEFAULT_LOG2_ROUNDS- See Also:
- Constant Field Values
-
BCRYPT_SALT_LEN
private static final int BCRYPT_SALT_LEN- See Also:
- Constant Field Values
-
BLOWFISH_NUM_ROUNDS
private static final int BLOWFISH_NUM_ROUNDS- See Also:
- Constant Field Values
-
P_orig
private static final int[] P_orig -
S_orig
private static final int[] S_orig -
bf_crypt_ciphertext
private static final int[] bf_crypt_ciphertext -
base64_code
private static final char[] base64_code -
index_64
private static final byte[] index_64 -
P
private int[] P -
S
private int[] S
-
-
Constructor Details
-
BCrypt
public BCrypt()
-
-
Method Details
-
encode_base64
Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note that this is *not* compatible with the standard MIME-base64 encoding.- Parameters:
d- the byte array to encodelen- the number of bytes to encode- Returns:
- base64-encoded string
- Throws:
IllegalArgumentException- if the length is invalid
-
char64
private static byte char64(char x)Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table- Parameters:
x- the base64-encoded value- Returns:
- the decoded value of x
-
decode_base64
Decode a string encoded using bcrypt's base64 scheme to a byte array. Note that this is *not* compatible with the standard MIME-base64 encoding.- Parameters:
s- the string to decodemaxolen- the maximum number of bytes to decode- Returns:
- an array containing the decoded bytes
- Throws:
IllegalArgumentException- if maxolen is invalid
-
encipher
private final void encipher(int[] lr, int off)Blowfish encipher a single 64-bit block encoded as two 32-bit halves- Parameters:
lr- an array containing the two 32-bit half blocksoff- the position in the array of the blocks
-
streamtoword
private static int streamtoword(byte[] data, int[] offp)Cycically extract a word of key material- Parameters:
data- the string to extract the data fromoffp- a "pointer" (as a one-entry array) to the current offset into data- Returns:
- the next word of material from data
-
init_key
private void init_key()Initialise the Blowfish key schedule -
key
private void key(byte[] key)Key the Blowfish cipher- Parameters:
key- an array containing the key
-
ekskey
private void ekskey(byte[] data, byte[] key)Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps- Parameters:
data- salt informationkey- password information
-
crypt_raw
public byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)Perform the central password hashing step in the bcrypt scheme- Parameters:
password- the password to hashsalt- the binary salt to hash with the passwordlog_rounds- the binary logarithm of the number of rounds of hashing to applycdata- the plaintext to encrypt- Returns:
- an array containing the binary hashed password
-
hashpw
Hash a password using the OpenBSD bcrypt scheme- Parameters:
password- the password to hashsalt- the salt to hash with (perhaps generated using BCrypt.gensalt)- Returns:
- the hashed password
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method- Parameters:
log_rounds- the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.random- an instance of SecureRandom to use- Returns:
- an encoded salt value
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method- Parameters:
log_rounds- the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.- Returns:
- an encoded salt value
-
gensalt
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply- Returns:
- an encoded salt value
-
checkpw
Check that a plaintext password matches a previously hashed one- Parameters:
plaintext- the plaintext password to verifyhashed- the previously-hashed password- Returns:
- true if the passwords match, false otherwise
-