[Cryptography Team] bcrypt password hashing
Paul DeBruicker
pdebruic at gmail.com
Fri Apr 22 14:57:54 UTC 2011
Hi -
I've never implemented any cryptographic algorithms before but I'm
trying to make an implementation of the bcrypt password hashing
algorithm [1] in Pharo. I'm using the OpenBSD C implementation [2] as a
reference. To make it work I need a port of the Blowfish algorithm and
am also using the OpenBSD C blowfish implementation [3] as a reference.
With what I have so far my "blowfish" can accurately encrypt and decrypt
a string using a key. But the encrypted string does not match any of the
reference implementations. I can take '0123456789' and encrypt it with
the key 'AAAAA' and decrypt the result and get '0123456789' but my
encrypted string is different than the C or Java encrypted string. So I
believe I've done something wrong. I think my Feistel Network method
is wrong because it eventually starts returning increasingly large 5
byte integers rather than the 4 bytes integers it should. At least
that's my current guess about the problem.
Is there an open source version of Blowfish in Smalltalk I could look at
to see where I may be going wrong?
Thanks
Paul
[1] http://www.usenix.org/events/usenix99/provos.html &
http://codahale.com/how-to-safely-store-a-password/
[2] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c
[3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/blowfish.c
More information about the Cryptography
mailing list