Overview  Package   Class  Deprecated  Index  Help 
Groovy Documentation
FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

griffon.plugins.bcrypt
[Java] Class BCrypt

java.lang.Object
  griffon.plugins.bcrypt.BCrypt

public class BCrypt
extends Object

BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.

Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:

String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());

To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:

if (BCrypt.checkpw(candidate_password, stored_hash))
    System.out.println("It matches");
else
    System.out.println("It does not match");

The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

String strong_salt = BCrypt.gensalt(10)
String stronger_salt = BCrypt.gensalt(12)

The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.

Authors:
Damien Miller
Version:
0.2

Field Summary
private static int BCRYPT_SALT_LEN

private static int BLOWFISH_NUM_ROUNDS

private static int GENSALT_DEFAULT_LOG2_ROUNDS

private int[] P

Encode a byte array using bcrypt's slightly-modified base64 encoding scheme.

private static int[] P_orig

private int[] S

private static int[] S_orig

private static char[] base64_code

private static int[] bf_crypt_ciphertext

private static byte[] index_64

 
Constructor Summary
BCrypt()

 
Method Summary
private static byte char64(char x)

Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
static boolean checkpw(String plaintext, String hashed)

private byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds)

Perform the central password hashing step in the bcrypt scheme
private static byte[] decode_base64(String s, int maxolen)

private void ekskey(byte[] data, byte[] key)

Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
private void encipher(int[] lr, int off)

Blowfish encipher a single 64-bit block encoded as two 32-bit halves
private static String encode_base64(byte[] d, int len)

static String gensalt(int log_rounds, SecureRandom random)

Generate a salt for use with the BCrypt.hashpw() method
static String gensalt(int log_rounds)

Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
static String gensalt()

static String hashpw(String password, String salt)

Hash a password using the OpenBSD bcrypt scheme
private void init_key()

Key the Blowfish cipher
private void key(byte[] key)

private static int streamtoword(byte[] data, int[] offp)

Cycically extract a word of key material
 
Methods inherited from class Object
wait, wait, wait, equals, toString, hashCode, getClass, notify, notifyAll
 

Field Detail

BCRYPT_SALT_LEN

private static final int BCRYPT_SALT_LEN

BLOWFISH_NUM_ROUNDS

private static final int BLOWFISH_NUM_ROUNDS

GENSALT_DEFAULT_LOG2_ROUNDS

private static final int GENSALT_DEFAULT_LOG2_ROUNDS

P

private int[] P
Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note that this is *not* compatible with the standard MIME-base64 encoding.
Throws:
IllegalArgumentException if the length is invalid
Parameters:
d the - byte array to encode
len the - number of bytes to encode
Returns:
base64-encoded string

P_orig

private static final int[] P_orig

S

private int[] S

S_orig

private static final int[] S_orig

base64_code

private static final char[] base64_code

bf_crypt_ciphertext

private static final int[] bf_crypt_ciphertext

index_64

private static final byte[] index_64

 
Constructor Detail

BCrypt

BCrypt()

 
Method Detail

char64

private static byte char64(char x)
Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
Parameters:
x the - base64-encoded value
Returns:
the decoded value of x

checkpw

public static boolean checkpw(String plaintext, String hashed)

crypt_raw

private byte[] crypt_raw(byte[] password, byte[] salt, int log_rounds)
Perform the central password hashing step in the bcrypt scheme
Parameters:
password the - password to hash
salt the - binary salt to hash with the password
log_rounds the - binary logarithm of the number of rounds of hashing to apply
Returns:
an array containing the binary hashed password

decode_base64

private static byte[] decode_base64(String s, int maxolen)

ekskey

private void ekskey(byte[] data, byte[] key)
Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
Parameters:
data salt - information
key password - information

encipher

private final void encipher(int[] lr, int off)
Blowfish encipher a single 64-bit block encoded as two 32-bit halves
Parameters:
lr an - array containing the two 32-bit half blocks
off the - position in the array of the blocks

encode_base64

private static String encode_base64(byte[] d, int len)

gensalt

public static String gensalt(int log_rounds, SecureRandom random)
Generate a salt for use with the BCrypt.hashpw() method
Parameters:
log_rounds the - log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
random an - instance of SecureRandom to use
Returns:
an encoded salt value

gensalt

public static String gensalt(int log_rounds)
Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
Returns:
an encoded salt value

gensalt

public static String gensalt()

hashpw

public static String hashpw(String password, String salt)
Hash a password using the OpenBSD bcrypt scheme
Parameters:
password the - password to hash
salt the - salt to hash with (perhaps generated using BCrypt.gensalt)
Returns:
the hashed password

init_key

private void init_key()
Key the Blowfish cipher
Parameters:
key an - array containing the key

key

private void key(byte[] key)

streamtoword

private static int streamtoword(byte[] data, int[] offp)
Cycically extract a word of key material
Parameters:
data the - string to extract the data from
offp a - "pointer" (as a one-entry array) to the current offset into data
Returns:
the next word of material from data

 

Groovy Documentation