[Cryptography Team] bcrypt password hashing

Germán Arduino garduino at gmail.com
Fri Apr 22 20:11:18 UTC 2011 

Hi!

2011/4/22 Paul DeBruicker <pdebruic at gmail.com>:
> Hi -
>
> I've never implemented any cryptographic algorithms before but I'm trying to
> make an implementation of the bcrypt password hashing algorithm [1] in
> Pharo. I'm using the OpenBSD C implementation [2] as a reference. To make it
> work I need a port of the Blowfish algorithm and am also using the OpenBSD C
> blowfish implementation [3] as a reference.
>
> With what I have so far my "blowfish" can accurately encrypt and decrypt a
> string using a key. But the encrypted string does not match any of the
> reference implementations. I can take '0123456789' and encrypt it with the
> key 'AAAAA' and decrypt the result and get '0123456789' but my encrypted
> string is different than the C or Java encrypted string.  So I believe I've
> done something wrong.   I think my Feistel Network method is wrong because
> it eventually starts returning increasingly large 5 byte integers rather
> than the 4 bytes integers it should.  At least that's my current guess about
> the problem.
>
> Is there an open source version of Blowfish in Smalltalk I could look at to
> see where I may be going wrong?
>

Really a coincidence because just TODAY I started implementing
Blowfish in Squeak (Is on my
todo list from years). I'm only starting and deciding somethings about
implementation, but
if all go well I will relese it as MIT.

My sources of examples and info are:

- The examples in other languages in the site of Bruce Schneier;
- The visual works implementation and
- A PHP implementation I found in snipplr.

My idea, in addition to implementing, is develop (just for
training/fun) some UI to play with it.

Let me know if I can help.

Cheers.


-- 
=================================================
Germán S. Arduino  <gsa @ arsol.net>   Twitter: garduino
Arduino Software & Web Hosting   http://www.arduinosoftware.com
PasswordsPro  http://www.passwordspro.com
=================================================




>
>
>
>  Thanks
>
> Paul
>
>
> [1] http://www.usenix.org/events/usenix99/provos.html &
> http://codahale.com/how-to-safely-store-a-password/
>
> [2] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c
>
> [3] http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/blowfish.c
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

More information about the Cryptography mailing list