On Tue, Jun 14, 2011 at 04:52:30PM -0500, Marsh Ray wrote:
>
> The first 7 chars "$2a$05$" are a configuration string. The subsequent
> 53 characters (in theory) contain a 128 bit salt and a 192 bit hash
> value. But 53 is an odd length (literally!) for a base64 string, as
> base64 uses four characters to encode three bytes.
>
> I don't see an official reference for the format of bcrypt hashes.
> There's the Usenix 99 paper, which is a great read in many ways, but
> it's not a rigorous implementation spec.

I discovered this a while back when I wrote a bcrypt implementation.
Unfortunately the only real specification seems to be 'what the OpenBSD
implementation does'. And the OpenBSD implementation also does this
truncation, which you can see in
ftp://ftp.fr.openbsd.org/pub/OpenBSD/src/lib/libc/crypt/bcrypt.c with

    encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, 4 * BCRYPT_BLOCKS - 1);

Niels Provos is probably the only reliable source as to why this
truncation was done, though I assume it was some attempt to minimize
padding bits or reduce the hash size.

-Jack
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
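
The length arithmetic discussed in this thread, as an added example (not code from either poster or from OpenBSD): a small formatter/parser for "$2a$" strings showing how a 16-byte salt plus a 24-byte output cut to 23 bytes gives exactly 53 characters. All function and constant names are hypothetical, the input bytes are constructed, and the code assumes bcrypt's base64 packs bits like standard base64 with the alphabet "./A-Za-z0-9" and no padding.

```python
import base64
import re

# bcrypt's base64 variant: standard bit packing, different alphabet, no '='.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_ALPHABET, STD_ALPHABET)
FROM_STD = str.maketrans(STD_ALPHABET, BCRYPT_ALPHABET)

SALT_BYTES = 16    # 128-bit salt
FULL_BYTES = 24    # 192-bit value available before encoding
STORED_BYTES = 23  # what survives the "- 1" in the encode_base64() call

# 7-char configuration prefix, then 22 salt chars and 31 hash chars (53 total).
HASH_RE = re.compile(r"^\$2a\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def b64_encode(data):
    """Encode bytes with the bcrypt alphabet, dropping '=' padding."""
    std = base64.b64encode(data).decode("ascii").rstrip("=")
    return std.translate(FROM_STD)

def b64_decode(text):
    """Decode a bcrypt-alphabet string, restoring the padding base64 expects."""
    std = text.translate(TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4))

def format_hash(cost, salt, full_output):
    """Build a $2a$ string, storing only the first 23 of the 24 output bytes."""
    if len(salt) != SALT_BYTES or len(full_output) != FULL_BYTES:
        raise ValueError("expected a 16-byte salt and a 24-byte output")
    stored = full_output[:STORED_BYTES]
    return "$2a$%02d$%s%s" % (cost, b64_encode(salt), b64_encode(stored))

def parse_hash(text):
    """Split a $2a$ string into cost, raw salt bytes and raw stored bytes."""
    m = HASH_RE.match(text)
    if m is None:
        raise ValueError("not a $2a$ bcrypt string of the expected length")
    return {"cost": int(m.group(1)),
            "salt": b64_decode(m.group(2)),
            "digest": b64_decode(m.group(3))}

if __name__ == "__main__":
    salt = bytes(range(16))          # constructed sample salt
    full = bytes(range(100, 124))    # constructed stand-in for the 24-byte output
    s = format_hash(5, salt, full)
    print(s, "->", len(s) - 7, "characters after the prefix")
    print(parse_hash(s))
```

Anything comparing bcrypt strings across implementations has to expect the 23-byte stored value: the last byte of the 192-bit output is not recoverable from the string.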
