Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 16 Sep 2014 18:53:53 +0000
From: H├ęctor Luis Gimbatti <>
To: "" <>
Subject: Bcrypt in linux


The current implementation of bcrypt found in OpenBSD (specifically /usr/src/lib/libc/crypto ) make use of arc4random "device" to generate the ''salt''.

I made some modifications in order to compile the code in linux so I can maintain a database in *nix of passwords for some program. Actually the code is very simple and thee modifications done to OBSD's bcrypt are trivial:
1. hardened BCRYPT_MAXSALT to 32, and BCRYPT_MINLOGROUNDS  to 8. (the latter can be modified in runtime whereas the first is constant, but can be easily modified).
2. Instead of using arc4random_buf to compute the salt, I use RAND_seed and RAND_bytes which are included in openssl (-lcrypto)

What can be done, as I've done for this specific code, is to change the constants (currently the hex representation of pi digits) used to initialize P and S boxes to some other constants (cuberoot(prime(i)) , sqrt(prime(i)), etc) in order to produce unique crypto for an specific application or device. 

If this is somehow useful for a project I can share the code 


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.