原始连接:
http://www.openwall.com/crypt/
Please note that password hashing is often wrongly referred to as "password encryption". Hashing is a more appropriate term since encryption is something which is supposed to be easily reversible.
This is an implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It is compatible with bcrypt (version 2a) by Niels Provos and David Mazieres, as used in OpenBSD. A paper on the algorithm that explains its design decisions is available here.
The most important property of bcrypt (and thus crypt_blowfish) is that it is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. Already now bcrypt hashes you would use are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes.
Today, a number of other operating systems, besides OpenBSD, support bcrypt password hashes, with Niels' original implementation, with this implementation (crypt_blowfish), or otherwise. These systems include recent versions of FreeBSD and NetBSD, Solaris 10, and indeed the Linux distributions which have integrated crypt_blowfish (see below for a list). Only some of these systems use bcrypt for newly set passwords by default, though.
This code comes from John the Ripper password cracker, and is placed in the public domain to let you use this on your system, as a part of a software package, or anywhere else to improve security, ensure compatibility, or for any other purpose. There's no license to worry about, not even a BSD-style copyright.
You can use the provided routines in your own packages or link them into a C library. Hooks for linking into GNU libc are provided. Note that simply adding this code into your libc is probably not enough to make your system use the new password hashing algorithm. Changes to passwd(1), PAM modules, or whatever else your system uses will likely be needed as well. These are not a part of this package, but there's pam_tcb in the Openwall GNU/*/Linux (Owl) tcb package which uses the password hashing framework provided by crypt_blowfish, and there are the Owl shadow suite patches (in particular, the crypt_gensalt patch) available from our CVSweb server.
You may also want to check out our portable PHP password hashing framework for use in your PHP applications.
Download:
These files are also available via FTP.
Follow this link for information on verifying the signatures.
We may help you integrate crypt_blowfish into your software or OS installs, please check out our services.
Contributed crypt_blowfish resources:
crypt_blowfish is fully integrated into Owl and distributions by ALT Linux team, as the default password hashing scheme. It is a part of the glibc package on ASPLinux and SuSE Linux.
Additionally, crypt_blowfish is used in the PHP Hardening-Patch, in PostgreSQL's contrib/pgcrypto providing bcrypt support for crypt() and gen_salt() SQL functions, and in CommuniGate Pro messaging server starting with version 4.1 (but you need to explicitly configure CGP to use "UB-crpt" "password encryption" in order to have it produce bcrypt hashes for new passwords).
Support further work on this software with donations.
