25.07.2013, 12:59
(Last edited by Johnson_boy; 01/08/2020 at 03:38 PM.)
Introduction
Bcrypt is a hash function designed particularly for passwords, which implements an
automatic salt on all passwords, and allows the work factor to be changed as computers
become more powerful.
Bcrypt is widely recommended, and often considered the most secure method for hashing passwords. Source
Benefits
- All passwords are automatically salted.
- Bcrypt is slow, which makes offline brute-force attacks very hard (depends on the work factor).
- The work factor can be increased as computers become more powerful.
- The plugin is multithreaded, so the impact on server performance is negligible.
- Compatible with PHP's password_verify() and password_hash() functions.
With sampctl
Code:
sampctl package install lassir/bcrypt-samp:v2.2.3
Alternatively
- Download the latest version of the plugins here.
- Copy the plugin file and the include file to their appropriate directories
- Include the .inc file in your filterscript or gamemode (#include <bcrypt>)
- Call function bcrypt_check when you would like to verify whether or not user input matches a given
hash (e.g. on login). Once the verification is done, the defined callback will be called, and the
result can be acquired by calling function bcrypt_is_equal() in the callback.
- If you ever change the cost, you may use the bcrypt_needs_rehash function to check if the hash in the
database should be updated. The function returns true if the hash should be rehashed, and false if the
hash is up-to-date.
- bcrypt_hash(key[], cost, callback_name[], callback_format[] = "", {Float, _}:...);
- bcrypt_get_hash(dest[]);
- bcrypt_check(key[], hash[], callback_name[], callback_format[] = "", {Float, _}:...);
- bcrypt_is_equal();
- bcrypt_needs_rehash(hash[], cost);
- bcrypt_find_cost(time_target = 250);
- bcrypt_debug(BCRYPT_DEBUG_LEVEL:level = BCRYPT_LOG_ERROR);
- bcrypt_set_thread_limit(value);
Function bcrypt_get_hash returns the result from bcrypt_hash, which is a 61-character-long string
(60 + null terminator), which is also defined as constant BCRYPT_HASH_LENGTH.
Below is the output for hashing "Hello World!" three times. The hash is completely unique every time,
because a random salt is used when calculating the hash every time.
Code:
1. $2y$12$33T1WbJGYD9YVKpBShTDsOOlS3248tApLCndjz28n0cyWZR1HYXy6
2. $2y$12$ExnQyld7o8w0QbWmAJgsJuygOwlFlbMITgzuw9g.6jbnscTd5kSK6
3. $2y$12$ivsAFLaGM52oCZnFe/QKBuoJy0osV8UsbJODPBUxeY3XSBhr739Yi
Cost
Cost represents the work factor, which is proportional to the amount of time it takes to calculate a
hash, and thus how secure the hash is. Increasing the cost by one approximately doubles the time
required to calculate the hash. Cost 10-13 should be adequate for most servers. The range of allowed
values for the cost is 4-31.
Example
pawn Code:
#include <a_samp>
#include <bcrypt>

#define BCRYPT_COST 12

// Dialog IDs used below (example values; use the IDs from your own script)
#define DIALOG_REGISTRATION 1
#define DIALOG_LOGIN 2

forward OnPasswordHashed(playerid);
forward OnPasswordChecked(playerid);

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    switch(dialogid)
    {
        case DIALOG_REGISTRATION:
        {
            // OnPasswordHashed is called once the hash has been calculated
            bcrypt_hash(inputtext, BCRYPT_COST, "OnPasswordHashed", "d", playerid);
        }
        case DIALOG_LOGIN:
        {
            // Variable hash is expected to contain the hash loaded from the database
            // (the loading code is not shown here)
            new hash[BCRYPT_HASH_LENGTH];
            bcrypt_check(inputtext, hash, "OnPasswordChecked", "d", playerid);
        }
    }
    return 1;
}

public OnPasswordHashed(playerid)
{
    // Fetch the finished hash (60 characters + null terminator)
    new hash[BCRYPT_HASH_LENGTH];
    bcrypt_get_hash(hash);

    printf("Password hashed for player %d: %s", playerid, hash);
    return 1;
}

public OnPasswordChecked(playerid)
{
    // True if the input given to bcrypt_check matched the hash
    new bool:match = bcrypt_is_equal();

    printf("Password checked for %d: %s", playerid, (match) ? ("Match") : ("No match"));
    return 1;
}
Troubleshooting
Problem:
The program can’t start because MSVCR120.dll is missing from your computer.
Solution:
Please download and install the 32-bit version of Visual C++ Redistributable Packages for Visual Studio 2013 (vcredist_x86.exe).
Credits
- Johnson_boy
- maddinat0r
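
The hash strings and cost rule described in the post above, as an added example that is not part of the original post or the plugin's code: a Python parser for the `$2y$12$...` output, showing that the three "Hello World!" hashes share cost 12 but each carries a different 16-byte salt. The `needs_rehash` rule used here (stale when the embedded cost differs from the target, or when the string does not parse) is an assumption for illustration, not the plugin's implementation, and all function names are hypothetical.

```python
import re

# The three "Hello World!" outputs quoted in the post
SAMPLES = [
    "$2y$12$33T1WbJGYD9YVKpBShTDsOOlS3248tApLCndjz28n0cyWZR1HYXy6",
    "$2y$12$ExnQyld7o8w0QbWmAJgsJuygOwlFlbMITgzuw9g.6jbnscTd5kSK6",
    "$2y$12$ivsAFLaGM52oCZnFe/QKBuoJy0osV8UsbJODPBUxeY3XSBhr739Yi",
]

# bcrypt uses its own base64 alphabet, not the RFC 4648 one
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $<version>$<2-digit cost>$<22-char salt><31-char digest> = 60 characters
HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def decode_salt(text):
    """Decode the 22-character salt field into its 16 raw bytes."""
    bits = 0
    for ch in text:
        bits = (bits << 6) | B64.index(ch)
    # 22 chars carry 132 bits; the last 4 are padding
    return (bits >> 4).to_bytes(16, "big")


def parse(hash_str):
    """Split a bcrypt hash string into version, cost, salt and digest."""
    m = HASH_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # allowed range stated in the post
        raise ValueError("cost outside 4-31")
    return {"version": m.group(1), "cost": cost,
            "salt": decode_salt(m.group(3)), "digest": m.group(4)}


def needs_rehash(hash_str, target_cost):
    """Assumed rule: stale if unparsable or hashed with a different cost."""
    try:
        return parse(hash_str)["cost"] != target_cost
    except ValueError:
        return True


def relative_work(old_cost, new_cost):
    """Each +1 in cost roughly doubles the hashing time."""
    return 2 ** (new_cost - old_cost)
```

Because the cost and salt travel inside the stored string, a verifier needs only the password and the 60-character hash, which is why separately stored salts are unnecessary.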