On Tuesday, June 26, 2018 at 4:49:23 AM UTC-4, [email protected] wrote: > > I've got passwords hashed with PHP's hash_password function which I'd like > to verify in C++. I don't think cryptopp supports bcrypt yet, support would > be nice. > > A simple API like PHP's password_hash and password_verify would be even > nicer. > Any thoughts? >
Bcrypt is kind of a mess. I suspect there will be a lot of interop problems. When I looked into it in the past I did not find a stand alone reference implementation from the OpenBSD folks. I also could not find a paper/PDF, RFC or test vectors. There were also open question, like should one include a terminating NULL when using a C-style string. About all I have found is pieces of the Usenix presentation at https://www.usenix.org/legacy/publications/library/proceedings/usenix99/full_papers/provos/provos_html/node5.html and https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c . I have a partial implementation but EksBlowfishSetup is not working. Lack of a stand-alone reference implementation halted the work. I can drop what I have on a testing branch if you would like to take a look at it. Jeff -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
