BCrypt port

J

joneden

Active Member
Licensed User
Longtime User
I don't suppose anyone has done a port of bcrypt.net have they?

BCrypt.Net

I use this to create a hash of a user's password on my website and never need to save the password. I'm hoping to be able to use the same method on my Android app...

Regards,

Jon
 
Sort by date Sort by votes
J

joneden

Active Member
Licensed User
Longtime User
I'm taking the lack of replies to mean that there isn't an existing solution.

Given that the BCrypt appears to have been a .net port of a java piece of code (jBCrypt - strong password hashing for Java), ho wmuch work is involved in making a wrapper for it on android? Is it a couple of hour job or more involved?

Regards,

Jon
 
Upvote 0
H

hdtvirl

Active Member
Licensed User
Longtime User
joneden, I was doing some salting stuff on a dotnet WCF service so I decided to take a look into this for you.

I downloaded the original source java files from the BCrypt web site
jBCrypt - strong password hashing for Java

I created a new java project called bkrypt and cut and paste in the two classes, added the junits library the relevant B4A libraries and the Javadocs bits compiled it up and have created a small project to test I can access them.

If I upload the Library and the XML files will you test them before I put them onto the B4A site ?.


This might save you some time, it is also helping me get my head around the wrapper library thing.
Let me know.

Regards

BOB.
 
Last edited:
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Hi Bob

Wow that's really helpful - thanks!

I'm just having dinner but will take a look later this evening. Given the size of it hopefully there isn't that much that will go wrong

Best Regards,

Jon
 
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Hi Bob,

I've added it in and it runs OK as an added lib, when I try to declare the object I get an error:


Compiling code. 0.07
Compiling layouts code. 0.00
Generating R file. 0.00
Compiling generated Java code. Error
javac 1.6.0_23
src\b4a\example\main.java:214: cannot find symbol
symbol : class BCrypt
location: class b4a.example.main
public static BCrypt _cryptobj = null;
^
Note: src\b4a\example\httputilsservice.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
1 error


This from
B4X: 
Dim cryptObj As BCrypt

Is it something I need to do with the project or a problem with the compiled code.

Regards,

Jon
 
Upvote 0
H

hdtvirl

Active Member
Licensed User
Longtime User
Jon, Recompiled with the correct package name. However you will still need to test it.


I don't get this error

Note: src\b4a\example\httputilsservice.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
1 error
Click to expand...
Regards

BOB

Sad to be compiling on a Friday Night !!!!!!!!
 
Last edited:
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Hi Bob,

Hope you had a great weekend.

Many thanks for that - works this time. Existing passwords check perfectly. This is a great addition to the capabilities of this software!

Sadly I only realised that you'd replied this morning or I'd have probably been trying it on Friday night

By the way which lib do you need to use when creating the hash? I get an error when using the Encryption lib for the SecureRandom class.

B4X: 
Dim randomObject As SecureRandom
ToastMessageShow(cryptObj.hashpw("TestPassword",cryptObj.gensalt(12,randomObject)),True)

Cheers,

Jon
 
Upvote 0
H

hdtvirl

Active Member
Licensed User
Longtime User
Jon, As far as I can see this method was never included in the original file as the Java programmer would have created an new instance using the Library import java.security.SecureRandom;. It must be included in the dotnet version. ( that would make sense alright)

I have now included a SecureRandom method in the BCrypt Library 1.10 and removed the testunit class.



I have tested it again using the above and it seems to work so yo will need to test it once again.

I have updated the first post with the Attachment BCrypt1.10.zip.


Let me know how you get on.

Regards

BOB
 
Last edited:
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Hi Bob,

That's excellent - thanks very much!

I've tested it and all seems to work just perfectly.

Thanks very much for the help with this - I hope that it was a useful exercise for you in making the wrapper.

Best Regards,

Jon
 
Upvote 0
H

hdtvirl

Active Member
Licensed User
Longtime User
Jon,

You are very Welcome, yes the exercise did prove very useful but it did interfere with my Friday night !!!!!. I was wondering what I might have done wrong after reading your reply, so it got the better of me and I returned home to fixit.

I am just wondering if anybody else would use this library and what I need to do to put it up on the Site for others to use.

Let me know of any issues and if I can I will look into them hopefully none will arise.


Regards

BOB
 
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Hi Bob,

Sorry about that

I'm sure other people would find it useful - not sure anyone using passwords wouldn't find it useful. The only downside is that when people call me to ask for their password I now can't tell them

Cheers,

Jon
 
Upvote 0
H

hdtvirl

Active Member
Licensed User
Longtime User
Jon,

Write a small routine to allow them to change their password using a Device generated password from within the application and a question response challenge. I see you are connecting to a webservice (XML Parsing) maybe you could incorporate this into part of the WebService, to instigate it.

Best of luck with it.


Regards

BOB
 
Upvote 0
J

joneden

Active Member
Licensed User
Longtime User
Morning Bob,

I think for the time being I'll avoid them changing the password on the unit as then there are more screens to add - managing the webapp is a big enough task. Also joking aside I don't want to encourage them to change them too often, they forget them as it is!

I sure that others will find this a very useful addition.

All the best,

Jon
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
Android Question [B4A] Invalid salt revision error using BCrypt
Replies
6
Views
7K
snich
  • Locked
Other [B4A] Invalid salt revision error using BCrypt
Replies
1
Views
3K
Erel
R
  • Question
Android Question BCrypt usage help [Solved]
Replies
2
Views
4K
Revisable5987
R
  • Article
B4A Library BCrypt - Create salted Hashes (compatible with PHP)
Replies
4
Views
7K
DonManfred
H
  • Question
Android Question Bcrypt Library ?
Replies
2
Views
2K
Hirogens
H
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…