Provided by: libcrypt-eksblowfish-perl_0.009-1build1_amd64 bug

NAME

       Crypt::Eksblowfish::Bcrypt - Blowfish-based Unix crypt() password hash

SYNOPSIS

               use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash);

               $hash = bcrypt_hash({
                               key_nul => 1,
                               cost => 8,
                               salt => $salt,
                       }, $password);

               use Crypt::Eksblowfish::Bcrypt qw(en_base64 de_base64);

               $text = en_base64($octets);
               $octets = de_base64($text);

               use Crypt::Eksblowfish::Bcrypt qw(bcrypt);

               $hashed_password = bcrypt($password, $settings);

DESCRIPTION

       This module implements the Blowfish-based Unix crypt() password hashing algorithm, known
       as "bcrypt".  This hash uses a variant of Blowfish, known as "Eksblowfish", modified to
       have particularly expensive key scheduling.  Eksblowfish and bcrypt were devised by Niels
       Provos and David Mazieres for OpenBSD.  The design is described in a paper at
       <http://www.usenix.org/events/usenix99/provos.html>.

FUNCTIONS

       bcrypt_hash(SETTINGS, PASSWORD)
           Hashes PASSWORD according to the supplied SETTINGS, and returns the 23-octet hash.
           SETTINGS must be a reference to a hash, with these keys:

           key_nul
               Truth value: whether to append a NUL to the password before using it as a key.
               The algorithm as originally devised does not do this, but it was later modified to
               do it.  The version that does append NUL is to be preferred; not doing so is
               supported only for backward compatibility.

           cost
               Non-negative integer controlling the cost of the hash function.  The number of
               operations is proportional to 2^cost.

           salt
               Exactly sixteen octets of salt.

       en_base64(BYTES)
           Encodes the octet string textually using the form of base 64 that is conventionally
           used with bcrypt.

       de_base64(TEXT)
           Decodes an octet string that was textually encoded using the form of base 64 that is
           conventionally used with bcrypt.

       bcrypt(PASSWORD, SETTINGS)
           This is a version of "crypt" (see "crypt" in perlfunc) that implements the bcrypt
           algorithm.  It does not implement any other hashing algorithms, so if others are
           desired then it necessary to examine the algorithm prefix in SETTINGS and dispatch
           between more than one version of "crypt".

           SETTINGS must be a string which encodes the algorithm parameters, including salt.  It
           must begin with "$2", optional "a", "$", two digits, "$", and 22 base 64 digits.  The
           rest of the string is ignored.  The presence of the optional "a" means that a NUL is
           to be appended to the password before it is used as a key.  The two digits set the
           cost parameter.  The 22 base 64 digits encode the salt.  The function will "die" if
           SETTINGS does not have this format.

           The PASSWORD is hashed according to the SETTINGS.  The value returned is a string
           which encodes the algorithm parameters and the hash: the parameters are in the same
           format required in SETTINGS, and the hash is appended in the form of 31 base 64
           digits.  This result is suitable to be used as a SETTINGS string for input to this
           function: the hash part of the string is ignored on input.

SEE ALSO

       Crypt::Eksblowfish, <http://www.usenix.org/events/usenix99/provos.html>

AUTHOR

       Andrew Main (Zefram) <zefram@fysh.org>

COPYRIGHT

       Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Andrew Main (Zefram) <zefram@fysh.org>

LICENSE

       This module is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself.