Bcrypt password hashing
Bcrypt is used for secure password hashing. The main difference with
regular digest algorithms such as MD5 or SHA256 is that the bcrypt
algorithm is specifically designed to be CPU intensive in order to
protect against brute force attacks. The exact complexity of the
algorithm is configurable via the
log_rounds parameter. The
interface is fully compatible with the Python one.
integer between 4 and 31 that defines the complexity of
the hashing, increasing the cost as
the message (password) to encrypt
a salt generated with
the previously generated bcrypt hash to verify
The hashpw function calculates a hash from a password using
a random salt. Validating the hash is done by rehashing the password
using the hash as a salt. The
checkpw function is a simple
wrapper that does exactly this.
gensalt generates a random text salt for use with
The first few characters in the salt string hold the bcrypt version number
and value for
log_rounds. The remainder stores 16 bytes of base64
encoded randomness for seeding the hashing algorithm.
library(bcrypt)

# Secret message as a string
passwd <- "supersecret"

# Create the hash
hash <- hashpw(passwd)
hash

# To validate the hash
identical(hash, hashpw(passwd, hash))

# Or use the wrapper
checkpw(passwd, hash)

# Use varying complexity:
hash11 <- hashpw(passwd, gensalt(11))
hash12 <- hashpw(passwd, gensalt(12))
hash13 <- hashpw(passwd, gensalt(13))

# Takes longer to verify (or crack)
system.time(checkpw(passwd, hash11))
system.time(checkpw(passwd, hash12))
system.time(checkpw(passwd, hash13))
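Added example, not part of the bcrypt package documentation: because the version and log_rounds are stored at the front of the hash string, a login handler can read the cost back out and re-hash with a stronger setting once the password has been verified. The helper names parse_bcrypt and verify_and_upgrade, the min_rounds policy value and the set of version tags accepted by the pattern are assumptions.

```r
library(bcrypt)

# Split a bcrypt salt or hash string into its fields.
# Assumed layout: $<version>$<2-digit log_rounds>$<22-char salt>[<31-char digest>]
# (16 salt bytes encode to 22 characters in bcrypt's base64 alphabet).
parse_bcrypt <- function(x) {
  pattern <- "^\\$(2[abxy]?)\\$([0-9]{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})?$"
  m <- regmatches(x, regexec(pattern, x))[[1]]
  if (length(m) == 0) stop("not a bcrypt salt or hash string")
  list(
    version    = m[2],
    log_rounds = as.integer(m[3]),
    salt       = m[4],
    is_hash    = nzchar(m[5])   # FALSE for a bare gensalt() value
  )
}

# Verify a login attempt and, if the stored hash was created with a cost
# below the current policy, return a replacement hash to store.
# min_rounds is a hypothetical policy value chosen for this example.
verify_and_upgrade <- function(password, stored, min_rounds = 12L) {
  info <- parse_bcrypt(stored)
  if (!info$is_hash) stop("stored value is a salt, not a hash")
  ok <- checkpw(password, stored)
  new_hash <- NULL
  if (ok && info$log_rounds < min_rounds) {
    # Only possible at login: the plaintext is needed to re-hash.
    new_hash <- hashpw(password, gensalt(min_rounds))
  }
  list(ok = ok, log_rounds = info$log_rounds, new_hash = new_hash)
}

# Constructed sample: a legacy hash created with a low cost.
old <- hashpw("supersecret", gensalt(5))

res <- verify_and_upgrade("supersecret", old, min_rounds = 10L)
stopifnot(res$ok, res$log_rounds == 5L)
stopifnot(parse_bcrypt(res$new_hash)$log_rounds == 10L)
stopifnot(checkpw("supersecret", res$new_hash))

# A wrong password fails and never triggers a re-hash.
bad <- verify_and_upgrade("wrong", old, min_rounds = 10L)
stopifnot(!bad$ok, is.null(bad$new_hash))

# A bare salt is recognised as such.
stopifnot(!parse_bcrypt(gensalt(11))$is_hash)
```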