Password authentication for web and mobile apps (e-book)

bcrypt password hashing for your software and your servers

Please note that password hashing is often wrongly referred to as "password encryption". Hashing is a more appropriate term since encryption is something that is supposed to be easily reversible.

This is an implementation of bcrypt, a password hashing method based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It is fully compatible with OpenBSD bcrypt for prefix $2b$. bcrypt was originally designed and implemented by Niels Provos and David Mazieres. A paper on the algorithm that explains the design decisions is available here.

The most important property of bcrypt (and thus crypt_blowfish) is that it is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. Already now bcrypt hashes you would use are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes.

Today, a number of other operating systems, besides OpenBSD, support bcrypt password hashes, with Niels' original implementation, with this implementation (crypt_blowfish), or otherwise. These systems include recent versions of FreeBSD and NetBSD, Solaris 10, and indeed the Linux distributions that have integrated crypt_blowfish (see below for a list). Only some of these systems use bcrypt for newly set passwords by default, though.

This code comes from John the Ripper password cracker, and is placed in the public domain to let you use this on your system, as part of a software package, or anywhere else to improve security, ensure compatibility, or for any other purpose. There's no license to worry about, not even a BSD-style copyright.

You can use the provided routines in your own packages or link them into a C library. Hooks for linking into GNU libc are provided. Note that simply adding this code into your libc is probably not enough to make your system use the new password hashing algorithm. Changes to passwd(1), PAM modules, or whatever else your system uses will likely be needed as well. These are not part of this package, but there's pam_tcb in the Openwall GNU/*/Linux (Owl) tcb package which uses the password hashing framework provided by crypt_blowfish, and there are the Owl shadow suite patches (in particular, the crypt_gensalt patch) available from our CVSweb server.

You might also want to check out our portable PHP password hashing framework for use in your PHP applications, as well as our presentation on the history of password security.

Version 1.1 of crypt_blowfish fixes the 8-bit character handling vulnerability (CVE-2011-2483) and it adds 8-bit test vectors and a quick self-test on every hash computation. Any copies of older crypt_blowfish code must be upgraded to at least 1.1 (and preferably to the latest).

Version 1.2 adds support for the $2y$ prefix (denoting correctly computed hashes) and a countermeasure to avoid one-correct to many-buggy hash collisions with the $2a$ prefix (desirable when upgrading systems with existing $2a$ hashes computed using pre-1.1 versions of crypt_blowfish).

Version 1.3 adds support for the $2b$ prefix introduced in OpenBSD 5.5+, which behaves exactly the same as crypt_blowfish's $2y$. This way, full compatibility with OpenBSD's bcrypt is achieved at this new prefix.


These and other related files are also available from the Openwall file archive. The source code of crypt_blowfish can be browsed on GitHub or via CVSweb.

Follow this link for information on verifying the signatures.

We can help you integrate crypt_blowfish into your software or OS installs, please check out our services.

Contributed crypt_blowfish resources:

crypt_blowfish was fully integrated into Owl and distributions by ALT Linux team as the default password hashing scheme, although ALT Linux has since changed the default to yescrypt. crypt_blowfish is part of the glibc package on SUSE Linux.

Additionally, crypt_blowfish is used in PHP 5.3.0+, in the Suhosin security hardening patch for older versions of PHP, in Crypt::Eksblowfish Perl module, in PostgreSQL's contrib/pgcrypto providing bcrypt support for crypt() and gen_salt() SQL functions, and in CommuniGate Pro messaging server starting with version 4.1 (but you need to explicitly configure CGP to use "UB-crpt" "password encryption" in order to have it produce bcrypt hashes for new passwords).

crypt_blowfish is a registered project with Open Hub.

Quick Comment: