On Thursday, June 28, 2018 at 2:52:30 AM UTC-4, Jeffrey Walton wrote: > > > > On Tuesday, June 26, 2018 at 4:49:23 AM UTC-4, [email protected] wrote: >> >> I've got passwords hashed with PHP's hash_password function which I'd >> like to verify in C++. I don't think cryptopp supports bcrypt yet, support >> would be nice. >> >> A simple API like PHP's password_hash and password_verify would be even >> nicer. >> Any thoughts? >> > > Bcrypt is kind of a mess. I suspect there will be a lot of interop > problems. > > When I looked into it in the past I did not find a stand alone reference > implementation from the OpenBSD folks. I also could not find a paper/PDF, > RFC or test vectors. There were also open question, like should one include > a terminating NULL when using a C-style string. > > About all I have found is pieces of the Usenix presentation at > https://www.usenix.org/legacy/publications/library/proceedings/usenix99/full_papers/provos/provos_html/node5.html > > and https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c > . > > I have a partial implementation but EksBlowfishSetup is not working. Lack > of a stand-alone reference implementation halted the work. I can drop what > I have on a testing branch if you would like to take a look at it. >
I added Bcrypt to a testing branch. Feel free to finish it. https://github.com/weidai11/cryptopp/tree/bcrypt . The classes do not arrive at the correct results. The branch lacks test vectors. It will need test vectors with provenance before the changes can be checked into master. Unfortunately OpenBSD's implementation does not compile as stand-alone so I'm not sure how to generate them. Jeff -- You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
