BCrypt (nifi-security-utils 1.7.1 API)

java.lang.Object
- org.apache.nifi.security.util.crypto.bcrypt.BCrypt

```
public class BCrypt
extends Object
```
BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parametrized, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash)) System.out.println("It matches"); else System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10) String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 30.

Version:

0.4

Author:

Damien Miller

Field Summary

Fields
Modifier and Type	Field and Description
`private static char[]`	`base64_code`
`private static int`	`BCRYPT_SALT_LEN`
`private static int[]`	`bf_crypt_ciphertext`
`private static int`	`BLOWFISH_NUM_ROUNDS`
`private static int`	`GENSALT_DEFAULT_LOG2_ROUNDS`
`private static byte[]`	`index_64`
`private int[]`	`P`
`private static int[]`	`P_orig`
`private int[]`	`S`
`private static int[]`	`S_orig`

Constructor Summary

Constructors
Constructor and Description

BCrypt()

Constructors
Constructor and Description
`BCrypt()`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`private static byte`	`char64(char x)` Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
`static boolean`	`checkpw(String plaintext, String hashed)` Check that a plaintext password matches a previously hashed one
`byte[]`	`crypt_raw(byte[] password, byte[] salt, int log_rounds, int[] cdata)` Perform the central password hashing step in the bcrypt scheme
`private static byte[]`	`decode_base64(String s, int maxolen)` Decode a string encoded using bcrypt's base64 scheme to a byte array.
`private void`	`ekskey(byte[] data, byte[] key)` Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
`private void`	`encipher(int[] lr, int off)` Blowfish encipher a single 64-bit block encoded as two 32-bit halves
`private static String`	`encode_base64(byte[] d, int len)` Encode a byte array using bcrypt's slightly-modified base64 encoding scheme.
`static String`	`gensalt()` Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
`static String`	`gensalt(int log_rounds)` Generate a salt for use with the BCrypt.hashpw() method
`static String`	`gensalt(int log_rounds, SecureRandom random)` Generate a salt for use with the BCrypt.hashpw() method
`static String`	`hashpw(String password, String salt)` Hash a password using the OpenBSD bcrypt scheme
`private void`	`init_key()` Initialise the Blowfish key schedule
`private void`	`key(byte[] key)` Key the Blowfish cipher
`private static int`	`streamtoword(byte[] data, int[] offp)` Cycically extract a word of key material

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - GENSALT_DEFAULT_LOG2_ROUNDS
```
private static final int GENSALT_DEFAULT_LOG2_ROUNDS
```
    See Also:
    
    Constant Field Values
  - BCRYPT_SALT_LEN
```
private static final int BCRYPT_SALT_LEN
```
    See Also:
    
    Constant Field Values
  - BLOWFISH_NUM_ROUNDS
```
private static final int BLOWFISH_NUM_ROUNDS
```
    See Also:
    
    Constant Field Values
  - P_orig
```
private static final int[] P_orig
```
  - S_orig
```
private static final int[] S_orig
```
  - bf_crypt_ciphertext
```
private static final int[] bf_crypt_ciphertext
```
  - base64_code
```
private static final char[] base64_code
```
  - index_64
```
private static final byte[] index_64
```
  - P
```
private int[] P
```
  - S
```
private int[] S
```
- Constructor Detail
  - BCrypt
```
public BCrypt()
```
- Method Detail
  - encode_base64
```
private static String encode_base64(byte[] d,
                                    int len)
                             throws IllegalArgumentException
```
    Encode a byte array using bcrypt's slightly-modified base64 encoding scheme. Note that this is *not* compatible with the standard MIME-base64 encoding.
    
    Parameters:
    
    d - the byte array to encode
    
    len - the number of bytes to encode
    
    Returns:
    
    base64-encoded string
    
    Throws:
    
    IllegalArgumentException - if the length is invalid
  - char64
```
private static byte char64(char x)
```
    Look up the 3 bits base64-encoded by the specified character, range-checking againt conversion table
    
    Parameters:
    
    x - the base64-encoded value
    
    Returns:
    
    the decoded value of x
  - decode_base64
```
private static byte[] decode_base64(String s,
                                    int maxolen)
                             throws IllegalArgumentException
```
    Decode a string encoded using bcrypt's base64 scheme to a byte array. Note that this is *not* compatible with the standard MIME-base64 encoding.
    
    Parameters:
    
    s - the string to decode
    
    maxolen - the maximum number of bytes to decode
    
    Returns:
    
    an array containing the decoded bytes
    
    Throws:
    
    IllegalArgumentException - if maxolen is invalid
  - encipher
```
private final void encipher(int[] lr,
                            int off)
```
    Blowfish encipher a single 64-bit block encoded as two 32-bit halves
    
    Parameters:
    
    lr - an array containing the two 32-bit half blocks
    
    off - the position in the array of the blocks
  - streamtoword
```
private static int streamtoword(byte[] data,
                                int[] offp)
```
    Cycically extract a word of key material
    
    Parameters:
    
    data - the string to extract the data from
    
    offp - a "pointer" (as a one-entry array) to the current offset into data
    
    Returns:
    
    the next word of material from data
  - init_key
```
private void init_key()
```
    Initialise the Blowfish key schedule
  - key
```
private void key(byte[] key)
```
    Key the Blowfish cipher
    
    Parameters:
    
    key - an array containing the key
  - ekskey
```
private void ekskey(byte[] data,
                    byte[] key)
```
    Perform the "enhanced key schedule" step described by Provos and Mazieres in "A Future-Adaptable Password Scheme" http://www.openbsd.org/papers/bcrypt-paper.ps
    
    Parameters:
    
    data - salt information
    
    key - password information
  - crypt_raw
```
public byte[] crypt_raw(byte[] password,
                        byte[] salt,
                        int log_rounds,
                        int[] cdata)
```
    Perform the central password hashing step in the bcrypt scheme
    
    Parameters:
    
    password - the password to hash
    
    salt - the binary salt to hash with the password
    
    log_rounds - the binary logarithm of the number of rounds of hashing to apply
    
    cdata - the plaintext to encrypt
    
    Returns:
    
    an array containing the binary hashed password
  - hashpw
```
public static String hashpw(String password,
                            String salt)
```
    Hash a password using the OpenBSD bcrypt scheme
    
    Parameters:
    
    password - the password to hash
    
    salt - the salt to hash with (perhaps generated using BCrypt.gensalt)
    
    Returns:
    
    the hashed password
  - gensalt
```
public static String gensalt(int log_rounds,
                             SecureRandom random)
```
    Generate a salt for use with the BCrypt.hashpw() method
    
    Parameters:
    
    log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
    
    random - an instance of SecureRandom to use
    
    Returns:
    
    an encoded salt value
  - gensalt
```
public static String gensalt(int log_rounds)
```
    Generate a salt for use with the BCrypt.hashpw() method
    
    Parameters:
    
    log_rounds - the log2 of the number of rounds of hashing to apply - the work factor therefore increases as 2**log_rounds.
    
    Returns:
    
    an encoded salt value
  - gensalt
```
public static String gensalt()
```
    Generate a salt for use with the BCrypt.hashpw() method, selecting a reasonable default for the number of hashing rounds to apply
    
    Returns:
    
    an encoded salt value
  - checkpw
```
public static boolean checkpw(String plaintext,
                              String hashed)
```
    Check that a plaintext password matches a previously hashed one
    
    Parameters:
    
    plaintext - the plaintext password to verify
    
    hashed - the previously-hashed password
    
    Returns:
    
    true if the passwords match, false otherwise

Class BCrypt

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

GENSALT_DEFAULT_LOG2_ROUNDS

BCRYPT_SALT_LEN

BLOWFISH_NUM_ROUNDS

P_orig

S_orig

bf_crypt_ciphertext

base64_code

index_64

P

S

Constructor Detail

BCrypt

Method Detail

encode_base64

char64

decode_base64

encipher

streamtoword

init_key

key

ekskey

crypt_raw

hashpw

gensalt

gensalt

gensalt

checkpw