[Cryptography Team] bcrypt password hashing
Germán Arduino
garduino at gmail.com
Fri Apr 22 20:11:18 UTC 2011
Hi!
2011/4/22 Paul DeBruicker <pdebruic at gmail.com>:
> Hi -
>
> I've never implemented any cryptographic algorithms before but I'm trying to
> make an implementation of the bcrypt password hashing algorithm [1] in
> Pharo. I'm using the OpenBSD C implementation [2] as a reference. To make it
> work I need a port of the Blowfish algorithm and am also using the OpenBSD C
> blowfish implementation [3] as a reference.
>
> With what I have so far my "blowfish" can accurately encrypt and decrypt a
> string using a key. But the encrypted string does not match any of the
> reference implementations. I can take '0123456789' and encrypt it with the
> key 'AAAAA' and decrypt the result and get '0123456789' but my encrypted
> string is different than the C or Java encrypted string. So I believe I've
> done something wrong. I think my Feistel Network method is wrong because
> it eventually starts returning increasingly large 5 byte integers rather
> than the 4 bytes integers it should. At least that's my current guess about
> the problem.
>
> Is there an open source version of Blowfish in Smalltalk I could look at to
> see where I may be going wrong?
>
Really a coincidence because just TODAY I started implementing
Blowfish in Squeak (Is on my
todo list from years). I'm only starting and deciding somethings about
implementation, but
if all go well I will relese it as MIT.
My sources of examples and info are:
- The examples in other languages in the site of Bruce Schneier;
- The visual works implementation and
- A PHP implementation I found in snipplr.
My idea, in addition to implementing, is develop (just for
training/fun) some UI to play with it.
Let me know if I can help.
Cheers.
--
=================================================
Germán S. Arduino <gsa @ arsol.net> Twitter: garduino
Arduino Software & Web Hosting http://www.arduinosoftware.com
PasswordsPro http://www.passwordspro.com
=================================================
>
>
>
> Thanks
>
> Paul
>
>
> [1] http://www.usenix.org/events/usenix99/provos.html &
> http://codahale.com/how-to-safely-store-a-password/
>
> [2] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c
>
> [3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/blowfish.c
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
More information about the Cryptography
mailing list