bcrypt
bcrypt merupakan fungsi hashing kata sandi yang dirancang oleh dua orang peneliti keamanan komputer Niels Provos dan David Mazières, cipher Blowfish adalah dasar pembuatan bcrypt, dan disajikan di USENIX pada tahun 1999.[1] bcrypt dapat melindungi dari serangan rainbow table dengan mengunakan salt, selain itu, bcrypt adalah fungsi adaptif: seiring waktu, jumlah iterasi dapat ditingkatkan untuk membuatnya lebih lambat, sehingga tetap aman terhadap serangan pencarian brute-force bahkan dengan meningkatnya daya komputasi.
Fungsi bcrypt merupakan algoritme hash password dasar untuk OpenBSD [2] dan sistem lain termasuk beberapa distribusi Linux seperti SUSE Linux .[3]
bcrypt dapat diimplementasikan pada bahasa pemrograman PHP, Python, JavaScript, C, C ++, C #, Go,[4] Java,[5][6] Elixir,[7] Perl,[8] Ruby dan bahasa lain
Algortima
Algoritme bcrypt adalah hasil dari enkripsi teks "OrpheanBeholderScryDoubt" 64 kali menggunakan Blowfish . Dalam bcrypt fungsi biasa key setup pada Blowfish digantikan dengan fungsi expensive key setup (EksBlowfishSetup)
Function bcrypt Input: cost: Number (4..31) log2(Iterations). e.g. 12 ==> 212 = 4,096 iterations salt: array of Bytes (16 bytes) random salt password: array of Bytes (1..72 bytes) UTF-8 encoded password Output: hash: array of Bytes (24 bytes) //Initialize Blowfish state with expensive key setup algorithm state <- EksBlowfishSetup(cost, salt, password) //Repeatedly encrypt the text "OrpheanBeholderScryDoubt" 64 times ctext <- "OrpheanBeholderScryDoubt" //24 bytes ==> three 64-bit blocks repeat (64) ctext EncryptECB(state, ctext) //encrypt using standard Blowfish in ECB mode //24-byte <- ctext is resulting password hash return Concatenate(cost, salt, ctext)
Expensive key setup
Algoritme bcrypt sangat bergantung pada algoritme key setup "Eksblowfish", berikut algoritmanya:
Function EksBlowfishSetup Input: cost: Number (4..31) log2(Iterations). e.g. 12 ==> 212 = 4,096 iterations salt: array of Bytes (16 bytes) random salt password: array of Bytes (1..72 bytes) UTF-8 encoded password Output: state: opaque BlowFish state structure state <- InitialState() state <- ExpandKey(state, salt, password) repeat (2cost) state <- ExpandKey(state, 0, password) state <- ExpandKey(state, 0, salt) return state
Expand key
Berikut algoritme fungsi ExpandKey
Function ExpandKey(state, salt, password) Input: state: Opaque BlowFish state structure Internally contains P-array and S-box entries salt: array of Bytes (16 bytes) random salt password: array of Bytes (1..72 bytes) UTF-8 encoded password Output: state: opaque BlowFish state structure //Mix password into the internal P-array of state for n <- 1 to 18 do Pn <- Pn xor password[32(n-1)..32n-1] //treat the password as cyclic //Encrypt state using the lower 8 bytes of salt, and store the 8 byte result in P1|P2 block <- Encrypt(state, salt[0..63]) P1 <- block[0..31] //lower 32-bits P2 <- block[32..63] //upper 32-bits //Continue encrypting state with salt, and storing results in remaining P-array for n <- 2 to 9 do block <- Encrypt(state, block xor salt[64(n-1)..64n-1]) //encrypt using the current key schedule and treat the salt as cyclic P2n-1 <- block[0..31] //lower 32-bits P2n <- block[32..63] //upper 32-bits //Mix encrypted state into the internal S-boxes of state for i <- 1 to 4 do for n <- 0 to 127 do block <- Encrypt(state, block xor salt[64(n-1)..64n-1]) //as above Si[2n] <- block[0..31] //lower 32-bits Si[2n+1] <- block[32..63] //upper 32-bits return state
Referensi
- ^ Provos, Niels; Mazières, David; Talan Jason Sutton 2012 (1999). "A Future-Adaptable Password Scheme". Proceedings of 1999 USENIX Annual Technical Conference: 81–92.
- ^ "Commit of first work to repo". 13 Feb 1997.
- ^ "SUSE Security Announcement: (SUSE-SA:2011:035)". 23 August 2011. Diarsipkan dari versi asli tanggal 4 March 2016. Diakses tanggal 20 August 2015.
SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.
- ^ "Package bcrypt". godoc.org.
- ^ "jBCrypt - strong password hashing for Java". www.mindrot.org (dalam bahasa Inggris). Diakses tanggal 2017-03-11.
- ^ "bcrypt - A Java standalone implementation of the bcrypt password hash function". github.com (dalam bahasa Inggris). Diakses tanggal 2018-07-19.
- ^ Whitlock, David. "Bcrypt Elixir: Bcrypt password hashing algorithm for Elixir". GitHub. riverrun.
- ^ Stufft, Donald. "bcrypt: Modern password hashing for your software and your servers".