Some summary of Bcrypt algorithm learning

Bcrypt algorithm understanding

1. Introduction:
bcrypt is a cross-platform file encryption tool. Files encrypted with it can be transferred between all supported operating systems and processors. At present the algorithm is difficult to crack because doing so takes a very long time, measured in years.

2. Basic principles:
1. Random salt + plaintext password -> (multiple rounds of the hash algorithm) -> ciphertext password.
Ciphertext password -> (cannot be computed back to the original password) (×) -> plaintext password.
2. As shown in Figure 2.1:

Figure 2.1 bcrypt flow chart

Note: the bcrypt algorithm is a one-way hash encryption algorithm and cannot be cracked by reversing it.

3. bcrypt has four main variables:
(1) saltRounds (work factor): a positive integer that determines the number of hash calculations performed by the hash algorithm. The higher the value, the more secure; the default is 10.
Note: the work factor is the key parameter for the number of calculations of the hash algorithm. The formula is:
Hash times = 1 * (2^(work factor))
(2) passwd: the plaintext password string.
(3) salt: the "salt", made up of the fixed characters $2a$ (version number) + saltRounds + $ + the characters mapped from the random number. As shown in Figure 2.2 (enclosed in red):
Figure 2.2 salt format

(4) myHash: passwd and salt are hashed multiple times (the number is generally 2^10) to form the myHash we want.

Note: The first step is to generate the salt: take saltRounds and passwd as input and open the /dev/urandom device to generate random numbers. The fixed characters $2a$ (a dollar sign before and after 2a) + saltRounds... form the first part of the salt; the second part consists of the characters that the generated random number is mapped to. The two parts are joined to form the salt.

The second step is to generate myHash: take the salt assembled above and passwd as input and hash them with the hash algorithm. The number of hash rounds is determined by saltRounds. After the repeated hashing, the myHash string is produced.

The third step is integration: the combination of salt and myHash is the final ciphertext password.

The bcrypt ciphertext password is shown in Figure 2.3:

Figure 2.3 bcrypt ciphertext password

Salt contains: $2a$10$ (including the dollar signs) + the 22 characters that follow.
myHash contains: everything except the salt part.
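
The salt layout and the salt/myHash split described above, together with the 2^(work factor) formula and the 4 to 31 range this page gives, can be checked with a short script. This is an added example, not code from the original post: the names make_salt, split_hash and check_cost are hypothetical, it assumes the usual 60-character string (22 salt characters followed by 31 hash characters), and it does not compute the bcrypt hash itself.

```python
import base64
import os
import re

# bcrypt uses its own base64 alphabet (same bit layout as RFC 4648, no padding).
STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
BCRYPT = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
TO_BCRYPT = str.maketrans(STD, BCRYPT)
TO_STD = str.maketrans(BCRYPT, STD)
# $version$cost$ + 22 salt characters + 31 hash characters = 60 characters
FORMAT = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def check_cost(cost):
    if not 4 <= cost <= 31:
        raise ValueError("work factor must be between 4 and 31")
    return cost


def make_salt(salt_rounds=10, raw=None):
    """Step 1: '$2a$' + saltRounds + '$' + 16 random bytes mapped to 22 characters."""
    check_cost(salt_rounds)
    raw = os.urandom(16) if raw is None else raw  # kernel CSPRNG, as /dev/urandom
    if len(raw) != 16:
        raise ValueError("bcrypt salt is 16 bytes")
    chars = base64.b64encode(raw).decode().rstrip("=").translate(TO_BCRYPT)
    return f"$2a${salt_rounds:02d}${chars}"


def split_hash(stored):
    """Step 3 in reverse: split a stored string into salt, myHash and cost."""
    m = FORMAT.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt string")
    version, cost, salt_chars, my_hash = m.groups()
    cost = check_cost(int(cost))
    return {
        "version": version,
        "cost": cost,
        "iterations": 1 << cost,  # Hash times = 2^(work factor)
        "salt": stored[:29],
        "salt_bytes": base64.b64decode(salt_chars.translate(TO_STD) + "=="),
        "my_hash": my_hash,
    }


# Constructed sample: fixed salt bytes and a placeholder hash part (not real bcrypt output).
SAMPLE = make_salt(10, bytes(range(16))) + "x" * 31
```

split_hash(SAMPLE) returns the 29-character salt, the 31-character myHash and the iteration count for the stored work factor.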

3. Time consumption and testing
1. The most time-consuming part of the bcrypt encryption process is the repeated calculation of the hash algorithm. The number of calculations follows the formula above and depends on the work factor value you enter. The larger the value, the more calculations: the count grows as a power of 2. The work factor must be between 4 and 31.
Example: Work factor = 10; Times = 2^10
Work factor = 31; Times = 2^31

2. Testing:


Origin blog.csdn.net/weixin_45073835/article/details/112968818