Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Blowfish based password hashing

by zentara (Archbishop)
on Dec 21, 2008 at 20:59 UTC ( #731919=sourcecode: print w/replies, xml ) Need Help??
Category: Cryptography
Author/Contact Info zentara of perlmonks
Description: Many linux/unix distibutions are moving up to a variation of blowfish to hash passwords. See blowfish password hashing for more details.

The Crypt-Eksblowfish module gives Perl users the access to this, but the module has many parts and is not crystal clear on usage. This is just a clarified version of one of the modules test scripts, to show how you can use it.

use warnings;
use strict;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

my $settings = '$2$07$abcdefghijklmnopkC2SI.'; #hash identifier + salt
my $hash = 'SY5XUDcstCvd.D7IsnwxqkBQmKD548W';
my $hashed =  bcrypt('password', $settings);
print "\n$hashed\n";
print $settings.$hash."\n\n";

$settings = '$2a$05$abcdefghijklmnopqrstuu';
$hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui'; 
my $password = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR
$hashed =  bcrypt($password, $settings);
print "$hashed\n";
print $settings.$hash."\n\n";

$settings = '$2a$05$abcdefghijklmnopqrstuu';
$hash = '5s2v8.iXieOjg/.AySBTTZIIVFJeBui'; 
# just change the first digit of password
$password = '1123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU
$hashed =  bcrypt($password, $settings);
print "$hashed\n";
print $settings.$hash."\n\n";

while(<DATA>) {
    my ($checkstring, $password) = split;
#    print "$checkstring\t$password\n";
    #regex for the blowfish hash id and the 22 char salt
    $checkstring =~ s#^(\$2a?\$\d{2}\$[A-Za-z0-9+\\.]{22})(.*)##; 
    # 22 is shown, may be 53 on some systems?
    my($id_salt, $hash) = ($1, $2);
#        print "$id_salt\t\t$hash\n";
        my $hashed =  bcrypt($password, $id_salt);
        print "$hashed\n";
        print "$hash\n";

        if($hashed eq $id_salt.$hash){print "matched\n\n"}else{ print 
+"NOT matched\n\n"}


   This is a version of "crypt" (see "crypt" in perlfunc) that impleme
+nts the
   bcrypt algorithm.  It does not implement any other hashing algorith
+ms, so if
   others are desired then it necessary to examine the algorithm prefi
+x in SET
   TINGS and dispatch between more than one version of "crypt".

   SETTINGS must be a string which encodes the algorithm parameters, i
   salt.  It must begin with "$2", optional "a", "$", two digits, "$",
+ and 22
   base 64 digits.  The rest of the string is ignored.  The presence o
+f the
   optional "a" means that a NUL is to be appended to the password bef
+ore it is
   used as a key.  The two digits set the cost parameter.  The 22 base
+ 64 dig
   its encode the salt.  The function will "die" if SETTINGS does not 
+have this

   The PASSWORD is hashed according to the SETTINGS.  The value return
+ed is a
   string which encodes the algorithm parameters and the hash: the par
   are in the same format required in SETTINGS, and the hash is append
+ed in the
   form of 31 base 64 digits.  This result is suitable to be used as a
   string for input to this function: the hash part of the string is i
+gnored on

# example what might be shown in /etc/shadow (without password shown)
# you must separate off the $id_salt, and compute the hash 

# (id_salt+eksblowfishhash)   (right password)
$2$07$aba.............kC2SI.cbHK1ODT5F77pYUqRNV63bd/IDxsTXq   0
$2$07$abcdee..........kC2SI.HiVB5Ax/RkxnDF2P5lQk06NBgbF/xYO   0
$2$07$abcdefghijklmnopkC2SI.7Q0nVrcMF4umRv5Pk5vDi0GlDI.lLE.   0
$2$07$abcdefghijklmnopqrstuuAgtOGDu2Z1DC3oOn6HzhbBE811IGUYu   0
$2$07$abcdefghijklmnopkC2SI.SY5XUDcstCvd.D7IsnwxqkBQmKD548W   password
$2$04$abcdefghijklmnopkC2SI.q7Yf61ne/f5tu69iU.SIM68gT3LAaYy   password
$2$10$abcdefghijklmnopkC2SI./wsXFeTOFgHVzDjpY2cn9yyF85o0khS   password
$2$04$......................Ns4TWVMFumL/LG8wa/FMbZnvNs.EDBi   password
$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm   password
$2$06$......................h9TvqYVBoV1csDZEfDS/qeQHryfT7dm   password
$2$07$......................A.nYdZ8J7ihz9grv6aPNwWdqpEgHssm   password
$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui  01234567

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: sourcecode [id://731919]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2021-01-23 23:26 GMT
Find Nodes?
    Voting Booth?