Package org.apache.directory.api.ldap.model.password

Class BCrypt

  • public class BCrypt
extends Object
    BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.

    This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.

    Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:

    String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());

    To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:

    if (BCrypt.checkpw(candidate_password, stored_hash))
        System.out.println("It matches");
    else
        System.out.println("It does not match");

    The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:

    String strong_salt = BCrypt.gensalt(10)
    String stronger_salt = BCrypt.gensalt(12)

    The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.

    Version:
    0.2
    Author:
    Damien Miller

    • Constructor Summary

      Constructors 
      Constructor Description
      BCrypt()  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static byte char64​(char x)
      Look up the 3 bits base64-encoded by the specified character, range-checking agaisnt conversion table
      static boolean checkPw​(String plaintext, String hashed)
      Check that a plaintext password matches a previously hashed one
      byte[] cryptRaw​(byte[] password, byte[] salt, int logRounds, int[] cdata)
      Perform the central password hashing step in the bcrypt scheme
      private static byte[] decodeBase64​(String s, int maxolen)
      Decode a string encoded using bcrypt's base64 scheme to a byte array.
      private void eksKey​(byte[] data, byte[] key)
      Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
      private void encipher​(int[] lr, int off)
      Blowfish encipher a single 64-bit block encoded as two 32-bit halves
      private static String encodeBase64​(byte[] d, int len)
      Encode a byte array using bcrypt's slightly-modified base64 encoding scheme.
      static String genSalt()
      Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
      static String genSalt​(int logRounds)
      Generate a salt for use with the BCrypt.hashpw() method
      static String genSalt​(int logRounds, SecureRandom random)
      Generate a salt for use with the BCrypt.hashpw() method
      static String hashPw​(String password, String salt)
      Hash a password using the OpenBSD bcrypt scheme
      private void initKey()
      Initialise the Blowfish key schedule
      private void key​(byte[] key)
      Key the Blowfish cipher
      private static int streamToWord​(byte[] data, int[] offp)
      Cycically extract a word of key material

    • Field Detail

      • GENSALT_DEFAULT_LOG2_ROUNDS

        private static final int GENSALT_DEFAULT_LOG2_ROUNDS
        See Also:
        Constant Field Values

      • P_ORIG

        private static final int[] P_ORIG

      • S_ORIG

        private static final int[] S_ORIG

      • BF_CRYPT_CIPHERTEXT

        private static final int[] BF_CRYPT_CIPHERTEXT

      • BASE_64_CHAR

        private static final char[] BASE_64_CHAR

      • INDEX_64

        private static final byte[] INDEX_64

      • pKey

        private int[] pKey

      • sKey

        private int[] sKey

    • Constructor Detail

      • BCrypt

        public BCrypt()

    • Method Detail

      • encodeBase64

        private static String encodeBase64​(byte[] d,
                                   int len)
        Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note that this is *not* compatible with the standard MIME-base64 encoding.
        Parameters:
        d - the byte array to encode
        len - the number of bytes to encode
        Returns:
        base64-encoded string
        Throws:
        IllegalArgumentException - if the length is invalid

      • char64

        private static byte char64​(char x)
        Look up the 3 bits base64-encoded by the specified character, range-checking agaisnt conversion table
        Parameters:
        x - the base64-encoded value
        Returns:
        the decoded value of x

      • decodeBase64

        private static byte[] decodeBase64​(String s,
                                   int maxolen)
        Decode a string encoded using bcrypt's base64 scheme to a byte array. Note that this is *not* compatible with the standard MIME-base64 encoding.
        Parameters:
        s - the string to decode
        maxolen - the maximum number of bytes to decode
        Returns:
        an array containing the decoded bytes
        Throws:
        IllegalArgumentException - if maxolen is invalid

      • encipher

        private void encipher​(int[] lr,
                      int off)
        Blowfish encipher a single 64-bit block encoded as two 32-bit halves
        Parameters:
        lr - an array containing the two 32-bit half blocks
        off - the position in the array of the blocks

      • streamToWord

        private static int streamToWord​(byte[] data,
                                int[] offp)
        Cycically extract a word of key material
        Parameters:
        data - the string to extract the data from
        offp - a "pointer" (as a one-entry array) to the current offset into data
        Returns:
        the next word of material from data

      • initKey

        private void initKey()
        Initialise the Blowfish key schedule

      • key

        private void key​(byte[] key)
        Key the Blowfish cipher
        Parameters:
        key - an array containing the key

      • eksKey

        private void eksKey​(byte[] data,
                    byte[] key)
        Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
        Parameters:
        data - salt information
        key - password information

      • cryptRaw

        public byte[] cryptRaw​(byte[] password,
                       byte[] salt,
                       int logRounds,
                       int[] cdata)
        Perform the central password hashing step in the bcrypt scheme
        Parameters:
        password - the password to hash
        salt - the binary salt to hash with the password
        logRounds - the binary logarithm of the number of rounds of hashing to apply
        cdata - the plaintext to encrypt
        Returns:
        an array containing the binary hashed password

      • hashPw

        public static String hashPw​(String password,
                            String salt)
        Hash a password using the OpenBSD bcrypt scheme
        Parameters:
        password - the password to hash
        salt - the salt to hash with (perhaps generated using BCrypt.gensalt)
        Returns:
        the hashed password

      • genSalt

        public static String genSalt​(int logRounds,
                             SecureRandom random)
        Generate a salt for use with the BCrypt.hashpw() method
        Parameters:
        logRounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
        random - an instance of SecureRandom to use
        Returns:
        an encoded salt value

      • genSalt

        public static String genSalt​(int logRounds)
        Generate a salt for use with the BCrypt.hashpw() method
        Parameters:
        logRounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
        Returns:
        an encoded salt value

      • genSalt

        public static String genSalt()
        Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
        Returns:
        an encoded salt value

      • checkPw

        public static boolean checkPw​(String plaintext,
                              String hashed)
        Check that a plaintext password matches a previously hashed one
        Parameters:
        plaintext - the plaintext password to verify
        hashed - the previously-hashed password
        Returns:
        true if the passwords match, false otherwise