Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

crypt::eksblowfish::bcrypt(3pm) [debian man page]

Crypt::Eksblowfish::Bcrypt(3pm) 			User Contributed Perl Documentation			   Crypt::Eksblowfish::Bcrypt(3pm)

NAME

       Crypt::Eksblowfish::Bcrypt - Blowfish-based Unix crypt() password hash

SYNOPSIS

	       use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash);

	       $hash = bcrypt_hash({
			       key_nul => 1,
			       cost => 8,
			       salt => $salt,
		       }, $password);

	       use Crypt::Eksblowfish::Bcrypt qw(en_base64 de_base64);

	       $text = en_base64($octets);
	       $octets = de_base64($text);

	       use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

	       $hashed_password = bcrypt($password, $settings);

DESCRIPTION

       This module implements the Blowfish-based Unix crypt() password hashing algorithm, known as "bcrypt".  This hash uses a variant of
       Blowfish, known as "Eksblowfish", modified to have particularly expensive key scheduling.  Eksblowfish and bcrypt were devised by Niels
       Provos and David Mazieres for OpenBSD.  The design is described in a paper at <http://www.usenix.org/events/usenix99/provos.html>.

FUNCTIONS

       bcrypt_hash(SETTINGS, PASSWORD)
	   Hashes PASSWORD according to the supplied SETTINGS, and returns the 23-octet hash.  SETTINGS must be a reference to a hash, with these
	   keys:

	   key_nul
	       Truth value: whether to append a NUL to the password before using it as a key.  The algorithm as originally devised does not do
	       this, but it was later modified to do it.  The version that does append NUL is to be preferred; not doing so is supported only for
	       backward compatibility.

	   cost
	       Non-negative integer controlling the cost of the hash function.	The number of operations is proportional to 2^cost.

	   salt
	       Exactly sixteen octets of salt.

       en_base64(BYTES)
	   Encodes the octet string textually using the form of base 64 that is conventionally used with bcrypt.

       de_base64(TEXT)
	   Decodes an octet string that was textually encoded using the form of base 64 that is conventionally used with bcrypt.

       bcrypt(PASSWORD, SETTINGS)
	   This is a version of "crypt" (see "crypt" in perlfunc) that implements the bcrypt algorithm.  It does not implement any other hashing
	   algorithms, so if others are desired then it necessary to examine the algorithm prefix in SETTINGS and dispatch between more than one
	   version of "crypt".

	   SETTINGS must be a string which encodes the algorithm parameters, including salt.  It must begin with "$2", optional "a", "$", two
	   digits, "$", and 22 base 64 digits.	The rest of the string is ignored.  The presence of the optional "a" means that a NUL is to be
	   appended to the password before it is used as a key.  The two digits set the cost parameter.  The 22 base 64 digits encode the salt.
	   The function will "die" if SETTINGS does not have this format.

	   The PASSWORD is hashed according to the SETTINGS.  The value returned is a string which encodes the algorithm parameters and the hash:
	   the parameters are in the same format required in SETTINGS, and the hash is appended in the form of 31 base 64 digits.  This result is
	   suitable to be used as a SETTINGS string for input to this function: the hash part of the string is ignored on input.

SEE ALSO

       Crypt::Eksblowfish, <http://www.usenix.org/events/usenix99/provos.html>

AUTHOR

       Andrew Main (Zefram) <zefram@fysh.org>

COPYRIGHT

       Copyright (C) 2006, 2007, 2008, 2009, 2010 Andrew Main (Zefram) <zefram@fysh.org>

LICENSE

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2011-11-15					   Crypt::Eksblowfish::Bcrypt(3pm)

Check Out this Related Man Page

Crypt::Eksblowfish::Uklblowfish(3pm)			User Contributed Perl Documentation		      Crypt::Eksblowfish::Uklblowfish(3pm)

NAME

       Crypt::Eksblowfish::Uklblowfish - Blowfish cipher with unrestricted key length

SYNOPSIS

	       use Crypt::Eksblowfish::Uklblowfish;

	       $block_size = Crypt::Eksblowfish::Uklblowfish->blocksize;
	       $key_size = Crypt::Eksblowfish::Uklblowfish->keysize;

	       $cipher = Crypt::Eksblowfish::Uklblowfish->new($key);

	       $block_size = $cipher->blocksize;
	       $ciphertext = $cipher->encrypt($plaintext);
	       $plaintext = $cipher->decrypt($ciphertext);

	       $p_array = $cipher->p_array;
	       $s_boxes = $cipher->s_boxes;
	       if($cipher->is_weak) { ...

DESCRIPTION

       An object of this type encapsulates a keyed instance of the Blowfish block cipher, ready to encrypt and decrypt.  However, if you're
       looking for an implementation of Blowfish you most likely want Crypt::Eksblowfish::Blowfish.  This class differs from the standard Blowfish
       in that it accepts some keys that Blowfish officially does not permit.

       Blowfish is a symmetric cipher algorithm designed by Bruce Schneier in 1993.  It operates on 64-bit blocks, and takes a variable-length
       key.  Officially the key can vary from 32 bits (4 octets) to 448 bits (56 octets) in increments of 8 bits (1 octet).  In fact the algorithm
       can easily operate on a key of any number of octets from 1 (8 bits) to 72 (576 bits).  Some implementations don't enforce the official key
       length limits, and so for compatibility it is sometimes necessary to handle a Blowfish key of a prohibited length.  That is what this class
       is for.	The "Ukl" in the name stands for "unrestricted key length".

       Using a very short key is generally a bad idea because there aren't very many keys of that length and so it's easy for an attacker to try
       them all.  The official 32-bit minimum for Blowfish was already far too short for serious security at the time that Blowfish was designed.
       (A machine to crack 56-bit DES keys by brute force in a few days each was publicly built only five years later.)  Do not base your security
       on the secrecy of a short key.

       Using overlong keys has more interesting effects, which depend on internal features of Blowfish.  When the key exceeds 64 octets (512
       bits), varying key bits past that length results in subkeys which have predictable relationships.  There is also some possibility of
       equivalent keys when the keys exceed 64 octets and differ only in the first 8 octets (64 bits).	These phenomena have not been extensively
       studied in the open literature, so it is difficult to judge the degree of cryptographic weakness that results from them.  It is clear that
       beyond some length Blowfish keys do not have as much strength as their length would suggest, and it is possible that overlong keys have
       specific weaknesses that render them weaker than shorter keys.  If choosing a key for security, it is advised to stay within the official
       length limit of 56 octets.

       In summary: using Blowfish keys of officially-unsupported lengths causes security problems.  If you are using Blowfish for security, and
       have the choice, use a key of an officially-supported length (and a standard implementation such as Crypt::Eksblowfish::Blowfish).  Use
       out-of-range key lengths (and this class) only for compatibility or cryptanalytic reasons.

CLASS METHODS

       Crypt::Eksblowfish::Uklblowfish->blocksize
	   Returns 8, indicating the Blowfish block size of 8 octets.  This method may be called on either the class or an instance.

       Crypt::Eksblowfish::Uklblowfish->keysize
	   Returns 0, indicating that the key size is variable.  This situation is handled specially by "Crypt::CBC".

CONSTRUCTOR

       Crypt::Eksblowfish::Uklblowfish->new(KEY)
	   Performs key setup on a new instance of the Blowfish algorithm, returning the keyed state.  The KEY may be any length from 1 octet to
	   72 octets inclusive.

METHODS

       $cipher->blocksize
	   Returns 8, indicating the Blowfish block size of 8 octets.  This method may be called on either the class or an instance.

       $cipher->encrypt(PLAINTEXT)
	   PLAINTEXT must be exactly eight octets.  The block is encrypted, and the ciphertext is returned.

       $cipher->decrypt(CIPHERTEXT)
	   CIPHERTEXT must be exactly eight octets.  The block is decrypted, and the plaintext is returned.

       $cipher->p_array
       $cipher->s_boxes
	   These methods extract the subkeys from the keyed cipher.  This is not required in ordinary operation.  See the superclass
	   Crypt::Eksblowfish::Subkeyed for details.

       $cipher->is_weak
	   This method checks whether the cipher has been keyed with a weak key.  It may be desired to avoid using weak keys.  See the superclass
	   Crypt::Eksblowfish::Subkeyed for details.

	   This method does not detect any cryptographic weaknesses that might result from the related-key properties and other features of
	   overlong keys.

SEE ALSO

       Crypt::Eksblowfish::Blowfish

AUTHOR

       Eksblowfish guts originally by Solar Designer (solar at openwall.com).

       Modifications and Perl interface by Andrew Main (Zefram) <zefram@fysh.org>.

COPYRIGHT

       Copyright (C) 2006, 2007, 2008, 2009, 2010 Andrew Main (Zefram) <zefram@fysh.org>

       The original Eksblowfish code (in the form of crypt()) from which this module is derived is in the public domain.  It may be found at
       <http://www.openwall.com/crypt/>.

LICENSE

       This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2011-11-15				      Crypt::Eksblowfish::Uklblowfish(3pm)
Man Page