B4J Library BCrypt - implementation of OpenBSD's Blowfish password hashing code

mindful · Jan 22, 2018

This is a wrapper for https://www.mindrot.org/projects/jBCrypt/

MathiasM · May 6, 2019

No replies yet, shame.
Bro, nicely done, you're a life saver. This is a _very_ nice lib!
Here, have a Belgian beer (if you're allowed to drink)

icakinser · May 9, 2019

Very NICE!

ilan · Apr 29, 2021

just tried the library but i get always a different HASH. am i doing something wrong?

B4X:

Dim bc As BCrypt For i = 0 To 4 Log(bc.HashPW2("test",10)) Next

logs:

Waiting for debugger to connect...
Program started.
Emulated network latency: 100ms
$2a$10$1z1XIWA.hoMlwDNuhYp2j.cHWMZOmmjZqCTWnNQF5ksonQO3Cmk2e
$2a$10$r1FEuLsMYpFiFUBVEYMc.eA5J2Uyc822OXg4R8tFbL5gp9El/idiW
$2a$10$yy7SOKWgYKqLl6btz3uUSORQ6KQW1kQKineREp653eRVT6Q/zTX4.
$2a$10$REv./fpuZap8ywCPyj1ckuG527GSArUvVHBJ/NPnIlbMi./F7RdMm
$2a$10$ZsuXztqnl2DqtsNArsrFfuv.pJ7Io9lI.F1HRtK3QPgRuv.yGyCBG

Click to expand...

sorry, my mistake. the salt is always different that's why the hash is different

MathiasM · May 12, 2021

Security risk, read this:

While this library is very good, it silently truncates the password, not throwing any error. eg:

B4X:

Dim hash As String = crypt.HashPW("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
    Log(crypt.CheckPW("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", hash)) 'True
    Log(crypt.CheckPW("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", hash)) 'Also True

This is normal, as it follows the bcrypt specs. A possible solution is Base64 encoding the password before hashing.

B4J Library BCrypt - implementation of OpenBSD's Blowfish password hashing code

Attachments

MathiasM

Active Member

icakinser

Member

ilan

Expert

MathiasM

Active Member

Similar Threads

B4J Library BCrypt - implementation of OpenBSD's Blowfish password hashing code

Attachments

MathiasM

Active Member

icakinser

Member

ilan

Expert

MathiasM

Active Member

Similar Threads

Privacy & Transparency

Privacy & Transparency