B4A Library BCrypt - Create salted Hashes (compatible with PHP)

Based on this Maven repository:
https://mvnrepository.com/artifact/org.mindrot/jbcrypt/0.4

bcrypt
/**
BCrypt implements OpenBSD-style Blowfish password hashing using
the scheme described in "A Future-Adaptable Password Scheme" by
Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password
cracking using a computationally-intensive hashing algorithm,
based on Bruce Schneier's Blowfish cipher. The work factor of
the algorithm is parameterised, so it can be increased as
computers get faster.
Usage is really simple. To hash a password for the first time,
call the hashpw method with a random salt

Author: DonManfred
Version: 0.01
  • BCrypt
    • Functions:
      • checkpw (plaintext As String, hashed As String) As Boolean
        Check that a plaintext password matches a previously hashed
        one
        plaintext: the plaintext password to verify
        hashed: the previously-hashed password
        Return type: @return:true if the passwords match, false otherwise
      • gensalt As String
        Generate a salt for use with the BCrypt.hashpw() method,
        selecting a reasonable default for the number of hashing
        rounds to apply
        returns an encoded salt value
      • gensalt2 (log_rounds As Int) As String
        Generate a salt for use with the BCrypt.hashpw() method
        log_rounds the log2 of the number of rounds of
        hashing to apply - the work factor therefore increases as
        2**log_rounds.
        returns an encoded salt value
      • gensalt3 (log_rounds As Int, random As java.security.SecureRandom) As String
        Generate a salt for use with the BCrypt.hashpw() method
        log_rounds the log2 of the number of rounds of
        hashing to apply - the work factor therefore increases as
        2**log_rounds.
        random an instance of SecureRandom to use
        returns an encoded salt value
      • hashpw (password As String, salt As String) As String
        Hash a password using the OpenBSD bcrypt scheme
        password the password to hash
        salt the salt to hash with (perhaps generated
        using BCrypt.gensalt)
        returns the hashed password
      • Initialize (EventName As String)

B4X:
    Dim bc As BCrypt
    Dim hash As String = bc.hashpw("Test",bc.gensalt)
    Log(hash) ' $2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u
I tried the generated hash with PHP. password_verify returns TRUE

PHP:
$pw = "$2a$10$2OA3heI7jImo7SFlFrfSK.9z6K7fF3Ny3vw3CZ3u24QvkRDSPYE6u";
if (password_verify("Test",$pw) == true){
  echo "password_verify returns TRUE";
} else {
  echo "password_verify returns FALSE";
}
 

Attachments

  • b4a_bcryptV0.01.zip
    17.6 KB · Views: 415
Last edited:

zabayin

Member
Licensed User
I'm very sorry for this lib there is no feedback for it. very useful for me coz my C# app and android app use same bcrypt vice versa for long time. The only sadly thing is there is no bcrypt lib in B4i.
 

DonManfred

Expert
Licensed User
Longtime User
The only sadly thing is there is no bcrypt lib in B4i.
Feel free to write one!

PS: You should ALWAYS create a new thread for your issues; posting to an existing thread is a mistake.
 

mcqueccu

Well-Known Member
Licensed User
I'm very sorry for this lib there is no feedback for it. very useful for me coz my C# app and android app use the same bcrypt vice versa for a long time. The only sad thing is there is no bcrypt lib in B4i.


The fact that there is no feedback doesn't mean the library is not working or people are not using it. It just simply means it's very easy to implement and it's working very fine for everybody so there is no issue to report.

The feedback is the likes you see and the160 downloads as at today
 
Top