From 485c0a8c9d6cd4c2e28993d5f0e6e27e9c49bc82 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 29 Jun 2018 16:31:14 -0400
Subject: Support bcrypt 2b and 2y
Continue to default to 2a since older versions don't know about 2b. Both 2b and 2y are identical to our implementation of 2a since we never implemented the relevant bugs which necessitated the new formats.
---
 src/lib/passhash/bcrypt/bcrypt.h | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'src/lib/passhash/bcrypt/bcrypt.h')
diff --git a/src/lib/passhash/bcrypt/bcrypt.h b/src/lib/passhash/bcrypt/bcrypt.h
index f5b811333..7d46e836c 100644
--- a/src/lib/passhash/bcrypt/bcrypt.h
+++ b/src/lib/passhash/bcrypt/bcrypt.h
@@ -17,15 +17,24 @@ class RandomNumberGenerator;
 /**
 * Create a password hash using Bcrypt
-* @param password the password
+*
+* @warning The password is truncated at at most 72 characters; characters after
+* that do not have any effect on the resulting hash. To support longer
+* passwords, consider pre-hashing the password, for example by using
+* the hex encoding of SHA-256 of the password as the input to bcrypt.
+*
+* @param password the password.
 * @param rng a random number generator
 * @param work_factor how much work to do to slow down guessing attacks
+* @param version which version to emit (may be 'a', 'b', or 'y' all of which
+* have identical behavior in this implementation).
 *
 * @see https://www.usenix.org/events/usenix99/provos/provos_html/
 */
 std::string BOTAN_PUBLIC_API(2,0) generate_bcrypt(const std::string& password,
- RandomNumberGenerator& rng,
- uint16_t work_factor = 10);
+ RandomNumberGenerator& rng,
+ uint16_t work_factor = 10,
+ char version = 'a');
 /**
 * Check a previously created password hash
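Review bot: The new `version` argument of `generate_bcrypt` is a bare `char`, and the added `@param version` text lists the accepted values without saying what happens for any other character. The declaration should state the failure mode, for example `* @throws Invalid_Argument if version is not 'a', 'b' or 'y'`, if that is how the implementation (not part of this view) behaves. The `@warning` text also states the limit in characters, while bcrypt's 72 limit counts bytes, so a UTF-8 password with multi-byte characters is cut off after fewer than 72 characters; I would word it as `* @warning The password is truncated to at most 72 bytes; bytes after`, which also removes the doubled "at at". The pre-hashing advice is right to name the hex encoding, and a short clause explaining why (a raw digest can contain a zero byte, which some bcrypt implementations treat as the end of the password) would keep callers from passing the raw digest instead.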
@@ -33,7 +42,7 @@ std::string BOTAN_PUBLIC_API(2,0) generate_bcrypt(const std::string& password,
 * @param hash the stored hash to check against
 */
 bool BOTAN_PUBLIC_API(2,0) check_bcrypt(const std::string& password,
- const std::string& hash);
+ const std::string& hash);
 }
-- cgit v1.2.3