
Blowfish based password hashing

by zentara (Archbishop)
on Dec 21, 2008 at 20:59 UTC (#731919=sourcecode)
Category: Cryptography
Author/Contact Info zentara of perlmonks
Description: Many linux/unix distributions are moving up to a variation of blowfish to hash passwords. See blowfish password hashing for more details.

The Crypt-Eksblowfish module gives Perl users access to this, but the module has many parts and is not crystal clear on usage. This is just a clarified version of one of the module's test scripts, to show how you can use it.

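#!/usr/bin/perl
# Shows how Crypt::Eksblowfish::Bcrypt's bcrypt() is used, in two steps:
#   1. hash a known password with a fixed SETTINGS string and print the
#      result next to the module's published test vector;
#   2. for every "<settings><hash>   <password>" line in __DATA__, split off
#      the settings prefix, re-hash the password with it and report whether
#      the result matches -- the same steps a login check against an
#      /etc/shadow entry has to perform.
use warnings;
use strict;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

# Hash $password with $settings and print the result, then the expected
# settings . hash string, so the two can be compared by eye.
# $settings: "$2" or "$2a", "$", two cost digits, "$", 22 base-64 salt digits
#            (see the POD excerpt below); bcrypt() dies if it is malformed.
# $expected: the 31 base-64 digits that bcrypt() should append to $settings.
sub show_vector {
    my ($password, $settings, $expected) = @_;
    my $hashed = bcrypt($password, $settings);
    print "$hashed\n";
    print $settings . $expected . "\n\n";
    return;
}

# Test vectors from the module's own test script.  The two digits after
# "$2$" / "$2a$" are the cost (work factor): 04..10 keep a test suite fast,
# but a deployment should pick its cost by timing bcrypt() on its own
# hardware rather than copying these.  "$2a$" differs from "$2$" in
# appending a NUL to the password before keying (POD below), so the two
# prefixes give different hashes for the same salt and password.
print "\n";
show_vector('password', '$2$07$abcdefghijklmnopkC2SI.',
            'SY5XUDcstCvd.D7IsnwxqkBQmKD548W');

# The module's 72-character test password: digits, a-z, A-Z, digits.
# 72 bytes is bcrypt's key-length limit -- input beyond it is truncated, so
# confirm against the module's docs before accepting longer passwords and
# expecting them to be distinguished from each other.
my $long_password = join '', '0' .. '9', 'a' .. 'z', 'A' .. 'Z', '0' .. '9';
show_vector($long_password, '$2a$05$abcdefghijklmnopqrstuu',
            '5s2v8.iXieOjg/.AySBTTZIIVFJeBui');

# Change only the first character: the printed hash no longer matches the
# expected one above, which is the whole point of a password hash.
(my $altered_password = $long_password) =~ s/\A0/1/;
show_vector($altered_password, '$2a$05$abcdefghijklmnopqrstuu',
            '5s2v8.iXieOjg/.AySBTTZIIVFJeBui');

# A shadow-style entry is settings . hash in one string.  The verifier has
# to split off the settings part -- the salt is always 22 digits; the "53"
# the original comment wondered about is salt plus the 31-digit hash --
# hash the candidate password with it, and compare against the whole entry.
my $entry_re = qr{
    \A
    ( \$2a?\$ \d{2} \$ [./A-Za-z0-9]{22} )   # prefix, 2 cost digits, 22-digit salt
    ( .* )                                   # the 31-digit hash
}x;

LINE: while (my $line = <DATA>) {
    chomp $line;
    next LINE if $line !~ /\S/;                    # blank line
    my ($entry, $plaintext) = split ' ', $line;

    # Match instead of the original s///: after a failed substitution $1
    # and $2 still hold the previous line's captures, so a malformed line
    # would silently be checked against the wrong salt.
    my ($id_salt, $expected_hash) = $entry =~ $entry_re;
    if (!defined $id_salt || !defined $plaintext) {
        warn "skipping unrecognised line: $line\n";
        next LINE;
    }

    my $computed = bcrypt($plaintext, $id_salt);
    print "$computed\n";
    print "$expected_hash\n";

    # NOTE: 'eq' returns at the first differing byte, which leaks how much
    # of the hash matched.  Harmless for a demo; a real verifier should use
    # a constant-time comparison.
    if ($computed eq $id_salt . $expected_hash) {
        print "matched\n\n";
    }
    else {
        print "NOT matched\n\n";
    }
}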

=head1
  bcrypt(PASSWORD, SETTINGS)
   This is a version of "crypt" (see "crypt" in perlfunc) that implements the
   bcrypt algorithm.  It does not implement any other hashing algorithms, so if
   others are desired then it is necessary to examine the algorithm prefix in
   SETTINGS and dispatch between more than one version of "crypt".

   SETTINGS must be a string which encodes the algorithm parameters, including
   salt.  It must begin with "$2", optional "a", "$", two digits, "$", and 22
   base 64 digits.  The rest of the string is ignored.  The presence of the
   optional "a" means that a NUL is to be appended to the password before it is
   used as a key.  The two digits set the cost parameter.  The 22 base 64 digits
   encode the salt.  The function will "die" if SETTINGS does not have this
   format.

   The PASSWORD is hashed according to the SETTINGS.  The value returned is a
   string which encodes the algorithm parameters and the hash: the parameters
   are in the same format required in SETTINGS, and the hash is appended in the
   form of 31 base 64 digits.  This result is suitable to be used as a SETTINGS
   string for input to this function: the hash part of the string is ignored on
   input.
=cut

# example of what might be shown in /etc/shadow (the plaintext password
# column below is only for this test and is never stored there)
# you must separate off the $id_salt, then compute and compare the hash

# (id_salt+eksblowfishhash)   (right password)
__DATA__
$2$07$aba.............kC2SI.cbHK1ODT5F77pYUqRNV63bd/IDxsTXq   0
$2$07$abcdee..........kC2SI.HiVB5Ax/RkxnDF2P5lQk06NBgbF/xYO   0
$2$07$abcdefghijklmnopkC2SI.7Q0nVrcMF4umRv5Pk5vDi0GlDI.lLE.   0
$2$07$abcdefghijklmnopqrstuuAgtOGDu2Z1DC3oOn6HzhbBE811IGUYu   0
$2$07$abcdefghijklmnopkC2SI.SY5XUDcstCvd.D7IsnwxqkBQmKD548W   password
$2$04$abcdefghijklmnopkC2SI.q7Yf61ne/f5tu69iU.SIM68gT3LAaYy   password
$2$10$abcdefghijklmnopkC2SI./wsXFeTOFgHVzDjpY2cn9yyF85o0khS   password
$2$04$......................Ns4TWVMFumL/LG8wa/FMbZnvNs.EDBi   password
$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm   password
$2$06$......................h9TvqYVBoV1csDZEfDS/qeQHryfT7dm   password
$2$07$......................A.nYdZ8J7ihz9grv6aPNwWdqpEgHssm   password
$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW  U*U
$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK  U*U*
$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a  U*U*U
$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui  0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789