Hi Derek,

This is a broad-stroke version of Eksblowfish on Perl:

    use Crypt::Eksblowfish::Bcrypt;
    use Digest::SHA1 qw(sha1_base64);

    # Setup algorithm
    $settings = '$2a$10$' . $salt;

    # Perform hash
    $hash = Crypt::Eksblowfish::Bcrypt::bcrypt($password, $settings);

where $salt is a 22-char base64 encoded string output of a random 16 bytes, or something else of your choosing. This example uses a cost factor of 10, which on my machine takes some 80ms to generate, enough to prevent brute-force attacks.

If you don't have a background on why fast password hashing is bad, this article is a good read:
http://codahale.com/how-to-safely-store-a-password/

You can install Crypt::Eksblowfish from CPAN.

If you need to match this with PHP code doing the same (eg. captive portal), you can use this code:

    // Setup algorithm
    $settings = '$2a$10$' . $salt . '$';

    // Hash
    $hash = crypt($password, $settings);

Make sure you use PHP 5.3.0 or higher, as it contains built-in implementations of the most common hashing methods, including Blowfish.

Cheers,
Mike

On Friday, September 30, 2011 at 1:35 PM, Derek Buttineau wrote:

> On 2011-09-30, at 7:08 AM, Heikki Vatiainen wrote:
>
> > On 08/25/2011 12:24 PM, Heikki Vatiainen wrote:
> >
> > Hello Derek,
> >
> > > On 08/24/2011 03:36 PM, Derek Buttineau wrote:
> >
> > > > I was actually thinking of AuthBy SQL. We're currently using UNIX
> > > > crypt, but realized it's time to improve security. I'm being told that
> > > > bcrypt is the way to go (OpenBSD style 2a/2y). So I guess wait for 4.8
> > > > or the patches to be issued?
> >
> > > So the additional hash types may require more work than I originally
> > > thought. We'll need to check a bit more how to do this. I'll keep you
> > > and the list posted.
> >
> > Radiator 4.9 now has more hash types supported. You may want to see if
> > these are useful to you.
> >
> > From the list of changes:
> >
> > Added support for passwords encrypted with $2a$, $2x$ and $2y$
> > blowfish crypt and $5$ SHA-256 crypt (where supported by the
> > underlying crypt()).
> > Improvements to support rounds= notation in
> > SHA-256, SHA512 crypt.
> >
> Thanks Heikki,
>
> I'll check it out!
>
> Cheers,
>
> Derek
> _______________________________________________
> radiator mailing list
> [email protected] (mailto:[email protected])
> http://www.open.com.au/mailman/listinfo/radiator
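An added example, not part of the original message or of Radiator: the Perl outline above carried through from salt generation to verification of a stored `$2a$` hash. The helper names `random_salt_bytes`, `hash_password` and `verify_password` are hypothetical, and the code assumes a Unix-like system with `/dev/urandom` and uses the module's own `en_base64` so the 16 random bytes become the 22-character salt in bcrypt's alphabet.

```perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);

# Hypothetical helper: 16 random bytes from the OS CSPRNG (assumes /dev/urandom).
sub random_salt_bytes {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, 16);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return $buf;
}

# Hypothetical helper: hash a new password; cost defaults to 10 as in the message.
sub hash_password {
    my ($password, $cost) = @_;
    $cost = 10 unless defined $cost;
    # en_base64 uses bcrypt's own alphabet; 16 bytes encode to 22 characters.
    my $salt     = en_base64(random_salt_bytes());
    my $settings = '$2a$' . sprintf('%02d', $cost) . '$' . $salt;
    return bcrypt($password, $settings);
}

# Hypothetical helper: recompute with the stored settings and compare.
sub verify_password {
    my ($password, $stored) = @_;
    # '$2a$NN$' plus the 22-char salt is the settings prefix; 31 hash chars follow.
    return 0 unless $stored =~ m{\A(\$2a\$\d\d\$[./A-Za-z0-9]{22})[./A-Za-z0-9]{31}\z};
    my $candidate = bcrypt($password, $1);
    return 0 unless length($candidate) == length($stored);
    # Accumulate differences so the loop does not stop at the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample password, for illustration only.
my $stored = hash_password('correct horse battery staple');
print "stored: $stored\n";
print "match:  ", verify_password('correct horse battery staple', $stored), "\n";
print "reject: ", verify_password('wrong guess', $stored), "\n";
```

Because the cost and salt are stored inside the hash string, verification needs no separate salt column, and raising the cost later only affects newly hashed passwords.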
