aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/block/blowfish/blowfish.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/block/blowfish/blowfish.cpp')
-rw-r--r--src/lib/block/blowfish/blowfish.cpp18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/lib/block/blowfish/blowfish.cpp b/src/lib/block/blowfish/blowfish.cpp
index 17ac00a1f..68d73cafd 100644
--- a/src/lib/block/blowfish/blowfish.cpp
+++ b/src/lib/block/blowfish/blowfish.cpp
@@ -291,27 +291,31 @@ void Blowfish::key_expansion(const uint8_t key[],
void Blowfish::eks_key_schedule(const uint8_t key[], size_t length,
const uint8_t salt[16], size_t workfactor)
{
- // Truncate longer passwords to the 56 byte limit Blowfish enforces
- length = std::min<size_t>(length, 55);
-
- if(workfactor == 0)
- throw Invalid_Argument("Bcrypt work factor must be at least 1");
/*
* On a 2.8 GHz Core-i7, workfactor == 18 takes about 25 seconds to
* hash a password. This seems like a reasonable upper bound for the
* time being.
+ * Bcrypt allows up to work factor 31 (2^31 iterations)
*/
if(workfactor > 18)
throw Invalid_Argument("Requested Bcrypt work factor " +
- std::to_string(workfactor) + " too large");
+ std::to_string(workfactor) + " too large");
+
+ if(workfactor < 4)
+ throw Invalid_Argument("Bcrypt requires work factor at least 4");
+
+ if(length > 72)
+ {
+ // Truncate longer passwords to the 72 char bcrypt limit
+ length = 72;
+ }
m_P.resize(18);
copy_mem(m_P.data(), P_INIT, 18);
m_S.resize(1024);
copy_mem(m_S.data(), S_INIT, 1024);
-
key_expansion(key, length, salt);
const uint8_t null_salt[16] = { 0 };