1Authen::Passphrase::BloUwsfeirshCCornytprti(b3u)ted PerlAuDtohceunm:e:nPtaastsipohnrase::BlowfishCrypt(3)
2
3
4

NAME

6       Authen::Passphrase::BlowfishCrypt - passphrases using the
7       Blowfish-based Unix crypt()
8

SYNOPSIS

10               use Authen::Passphrase::BlowfishCrypt;
11
12               $ppr = Authen::Passphrase::BlowfishCrypt->new(
13                       cost => 8,
14                       salt => "sodium__chloride",
15                       hash_base64 => "BPZijhMHLvPeNMHd6XwZyNamOXVBTPi");
16
17               $ppr = Authen::Passphrase::BlowfishCrypt->new(
18                       cost => 8, salt_random => 1,
19                       passphrase => "passphrase");
20
21               $ppr = Authen::Passphrase::BlowfishCrypt->from_crypt(
22                       '$2a$08$a07iYVTrVz7hYEvtakjiXOB'.
23                       'PZijhMHLvPeNMHd6XwZyNamOXVBTPi');
24
25               $ppr = Authen::Passphrase::BlowfishCrypt->from_rfc2307(
26                       '{CRYPT}$2a$08$a07iYVTrVz7hYEvtakjiXOB'.
27                       'PZijhMHLvPeNMHd6XwZyNamOXVBTPi');
28
29               $key_nul = $ppr->key_nul;
30               $cost = $ppr->cost;
31               $cost = $ppr->keying_nrounds_log2;
32               $salt = $ppr->salt;
33               $salt_base64 = $ppr->salt_base64;
34               $hash = $ppr->hash;
35               $hash_base64 = $ppr->hash_base64;
36
37               if($ppr->match($passphrase)) { ...
38
39               $passwd = $ppr->as_crypt;
40               $userPassword = $ppr->as_rfc2307;
41

DESCRIPTION

43       An object of this class encapsulates a passphrase hashed using the
44       Blowfish-based Unix crypt() hash function, known as "bcrypt".  This is
45       a subclass of Authen::Passphrase, and this document assumes that the
46       reader is familiar with the documentation for that class.
47
48       The crypt() function in a modern Unix actually supports several
49       different passphrase schemes.  This class is concerned only with one
50       particular scheme, a Blowfish-based algorithm designed by Niels Provos
51       and David Mazieres for OpenBSD.  To handle the whole range of
52       passphrase schemes supported by the modern crypt(), see the from_crypt
53       constructor and the as_crypt method in Authen::Passphrase.
54
55       The Blowfish-based crypt() scheme uses a variant of Blowfish called
56       "Eksblowfish", for "expensive key schedule Blowfish".  It has the
57       cryptographic strength of Blowfish, and a very slow key setup phase to
58       resist brute-force attacks.  There is a "cost" parameter to the scheme:
59       the length of key setup is proportional to 2^cost.  There is a 128-bit
60       salt.  Up to 72 characters of the passphrase will be used; any more
61       will be ignored.
62
63       The cost, salt, and passphrase are all used to (very slowly) key
64       Eksblowfish.  Once key setup is done, the string
65       "OrpheanBeholderScryDoubt" (three Blowfish blocks long) is encrypted 64
66       times in ECB mode.  The final byte of the ciphertext is then dropped,
67       yielding a 23-byte hash.
68
69       In the crypt() function the salt and hash are represented in ASCII
70       using a base 64 encoding.  The base 64 digits are ".", "/", "A" to "Z",
71       "a" to "z", "0" to "9" (in that order).  The 16-byte salt is
72       represented as 22 base 64 digits, and the 23-byte hash as 31 base 64
73       digits.
74
75       This algorithm is intended for situations where the efficiency of a
76       brute force attack is a concern.  It is suitable for use in new
77       applications where this requirement exists.  If that is not a concern,
78       and it suffices to merely make brute force the most efficient attack,
79       see Authen::Passphrase::SaltedDigest for more efficient hash
80       algorithms.
81
82       Choice of the cost parameter is critical, due to the need to trade off
83       expense of brute-force attack against speed of legitimate passphrase
84       verification.  A traditional target is that verification should take
85       about one second on widely-available hardware.  (Algorithms that are
86       concerned about brute force speed but lack a cost parameter have often
87       aimed for this, with respect to hardware available at the time of the
88       algorithm's introduction.)  As of 2011, this is achieved with a cost
89       parameter around 14.
90

CONSTRUCTORS

92       Authen::Passphrase::BlowfishCrypt->new(ATTR => VALUE, ...)
93           Generates a new passphrase recogniser object using the Blowfish-
94           based crypt() algorithm.  The following attributes may be given:
95
96           key_nul
97               Truth value indicating whether to append a NUL to the
98               passphrase before using it as a key.  The algorithm as
99               originally devised does not do this, but it was later modified
100               to do it.  The version that does append NUL is to be preferred.
101               Default true.
102
103           cost
104               Base-two logarithm of the number of keying rounds to perform.
105
106           keying_nrounds_log2
107               Synonym for cost.
108
109           salt
110               The salt, as a 16-byte string.
111
112           salt_base64
113               The salt, as a string of 22 base 64 digits.
114
115           salt_random
116               Causes salt to be generated randomly.  The value given for this
117               attribute is ignored.  The source of randomness may be
118               controlled by the facility described in Data::Entropy.
119
120           hash
121               The hash, as a 23-byte string.
122
123           hash_base64
124               The hash, as a string of 31 base 64 digits.
125
126           passphrase
127               A passphrase that will be accepted.
128
129           The cost and salt must be given, and either the hash or the
130           passphrase.
131
132       Authen::Passphrase::BlowfishCrypt->from_crypt(PASSWD)
133           Generates a new passphrase recogniser object using the Blowfish-
134           based crypt() algorithm, from a crypt string.  The crypt string
135           must start with "$2$" for the version that does not append NUL to
136           the key, or "$2a$" for the version that does.  The next two
137           characters must be decimal digits giving the cost parameter.  This
138           must be followed by "$", 22 base 64 digits giving the salt, and
139           finally 31 base 64 digits giving the hash.
140
141       Authen::Passphrase::BlowfishCrypt->from_rfc2307(USERPASSWORD)
142           Generates a new passphrase recogniser object using the Blowfish-
143           based crypt() algorithm, from an RFC 2307 string.  The string must
144           consist of "{CRYPT}" (case insensitive) followed by an acceptable
145           crypt string.
146

METHODS

148       $ppr->key_nul
149           Returns a truth value indicating whether a NUL will be appended to
150           the passphrase before using it as a key.
151
152       $ppr->cost
153           Returns the base-two logarithm of the number of keying rounds that
154           will be performed.
155
156       $ppr->keying_nrounds_log2
157           Synonym for "cost".
158
159       $ppr->salt
160           Returns the salt, as a string of sixteen bytes.
161
162       $ppr->salt_base64
163           Returns the salt, as a string of 22 base 64 digits.
164
165       $ppr->hash
166           Returns the hash value, as a string of 23 bytes.
167
168       $ppr->hash_base64
169           Returns the hash value, as a string of 31 base 64 digits.
170
171       $ppr->match(PASSPHRASE)
172       $ppr->as_crypt
173       $ppr->as_rfc2307
174           These methods are part of the standard Authen::Passphrase
175           interface.
176

SEE ALSO

178       Authen::Passphrase, Crypt::Eksblowfish::Bcrypt
179

AUTHOR

181       Andrew Main (Zefram) <zefram@fysh.org>
182
184       Copyright (C) 2006, 2007, 2009, 2010, 2012 Andrew Main (Zefram)
185       <zefram@fysh.org>
186

LICENSE

188       This module is free software; you can redistribute it and/or modify it
189       under the same terms as Perl itself.
190
191
192
193perl v5.32.1                      2021-01-2A6uthen::Passphrase::BlowfishCrypt(3)
Impressum