An implementation of the bcrypt hashing algorithm for PAWN written in C++.
- All passwords are automatically salted
- Bcrypt is slow, which makes offline bruteforce attacks very hard (depends on the work factor)
- The work factor can be increased as the computers become more powerful
bcrypt_hash(key[], cost, callback_name[], callback_format[], {Float, _}:...);
bcrypt_get_hash(dest[]);
bcrypt_check(key[], hash[], callback_name[], callback_format[], {Float, _}:...);
bool:bcrypt_is_equal();
-
Copy the include and plugin file to their appropriate directories
-
Use
bcrypt_hash
if you want to hash user input (e.g. passwords, or when updating the work factor). Once the hash is calculated, the specified callback is called and the hash can be accessed with the functionbcrypt_get_hash
. -
Use
bcrypt_check
if you want to verify whether or not user input matches a given hash (e.g. on login). Once the verification is done, the specified callback will be called. The functionbcrypt_is_equal
returns true or false whether or not the password matched the hash.
#include <a_samp>
#include <bcrypt>
// Hashing a password
bcrypt_hash("MyPassword", 12, "OnPlayerRegister", "d", playerid);
forward public OnPlayerRegister(playerid);
public OnPlayerRegister(playerid)
{
new hash[61]; //the hash length is always 60
bcrypt_get_hash(hash);
printf("Password hashed for playerid %d: %s (registration)", playerid, hash);
// Could print for instance:
// "Password hashed for playerid 32: $2a$12$izP1Fy.pZxOjDOCVma0UneQoQ3sUX3HxfmyibOLPcafDSL8Pj.Ety (registration)"
// The hash will be different every time even for the same input due to the random salt
return 1;
}
// Checking a password
bcrypt_check(inputtext, hash, "OnPlayerLogin", "d", playerid);
forward public OnPlayerLogin(playerid);
public OnPlayerLogin(playerid)
{
printf("Password checked for playerid %d: %s (login)", playerid, (bcrypt_is_equal()) ? ("Correct password") : ("Incorrect password"));
return 1;
}