bcrypt

TCL module for bcrypt, a password-hashing function.

What is bcrypt?

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

Examples

package require bcrypt

set salt [::bcrypt::gensalt 15]
# $2a$15$2rmMs5kDAKqq2q1XJQtEre

set hash [::bcrypt::hashpw "password" $salt]
# $2a$15$2rmMs5kDAKqq2q1XJQtEre5qG.qJpLJlNrk5Zb3Mv7cgn0JBK4xR2

set match_correct_pw [::bcrypt::checkpw "password" $hash]
puts match_correct_pw=$match_correct_pw
# match_correct_pw=1

set match_incorrect_pw [::bcrypt::checkpw "hello world" $hash]
puts match_incorrect_pw=$match_incorrect_pw
# match_incorrect_pw=0

TCL Commands

• ::bcrypt::gensalt ?work_factor?
  • returns a salt
• ::bcrypt::hashpw password salt
  • returns a hash
• ::bcrypt::checkpw password hash
  • returns 1 if the password matches the hash, 0 otherwise