bcrypt-hash generates a secure cryptographic hash using the PHP 5.5 password_hash function by specifying bcrypt as the algorithm.
This was written as a command-line utility to experiment with generating bcrypt hashes in a way similar to what is possible for the SHA family with the shasum or md5 utilities.
This utility will only work with PHP 5.5+. See the comment here for options in regards to using older versions of PHP.
Use homebrew:
brew tap gibsjose/crypto
brew install bcrypt-hash
Or install manually.
# Example: Hash the plaintext 't3rr1bl3_p4$$w0rd' with a cost factor of 12
bcrypt-hash -c 12 't3rr1bl3_p4$$w0rd'
$2y$12$UzKl7mitlZJt52PAMemYmeb9YUC9XhvX6DlbtbaVtdqI32TCPPCj6
# Example: Hash the plaintext 'Look! Here is some plaintext...' with the default cost factor of 10
bcrypt-hash 'Look! Here is some plaintext...'
$2y$10$k8pe9htFbLrJD/EjOE3In.RPOFpPz2WZ44lwQVt8RJRmUgXNnfnSC
# Example: Check the plaintext 'test' against a correct hash
bcrypt-hash check 'test' '$2y$10$5ixGI4bAKbWI4bdlzbXi9uqaOrysHRuqbBLP4N8HhgPL6c5yIuS2a'
Verified
# Example: Check the plaintext 'test' against an incorrect hash
bcrypt-hash check 'test' '$2y$10$8zcwWCamJ3a.w.D3Y82cWOfyeQygxG9HHBCOpXy7w18I2cbsN9IC2'
No match
# Example: Show the help
bcrypt-hash -h
# Example: Show the version
bcrypt-hash -v
Note: Your hashes will be different, since bcrypt generates its own salt.
The cost factor must be between 04 and 32 as specified here, or else it will default to 10.
The cost factor indicates the number of expansion rounds performed during the main loop of the hash function:
number of rounds = 2^cost
Currently, a cost factor of 12 or 13 (4096 or 8192 rounds) is recommended as a good balance between responsiveness and security.
A bcrypt hash has the following standard format:
$2y$cc$ssssssssssssssssssssssHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
Where:
$2y$ is the standard bcrypt prefix
cc is the two-digit representation of the cost factor, from 04 to 32
sss...sss is a 128-bit salt encoded as 22 base-64 digits
HHH...HHH is the 184-bit hash encoded as 31 base-64 digits
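The format above can be checked mechanically when auditing stored hashes for weak cost factors. The following Python sketch is an added example, not part of bcrypt-hash: the function names are hypothetical, the minimum of 12 is the recommendation quoted above, and the sample input is the cost-12 hash from the usage examples on this page.

```python
import re

# bcrypt uses its own base-64 alphabet, ordered differently from RFC 4648.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# $2y$ is the prefix PHP emits; $2a$ and $2b$ are accepted here because other
# bcrypt implementations write them (an addition beyond what the page lists).
HASH_RE = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def decode_salt(salt22):
    """Decode 22 bcrypt base-64 digits (132 bits) into the 16-byte salt."""
    bits = 0
    for ch in salt22:
        bits = (bits << 6) | BCRYPT_B64.index(ch)
    # 22 digits carry 132 bits; the low 4 bits are padding, not salt.
    return (bits >> 4).to_bytes(16, "big")


def parse_bcrypt(hash_string):
    """Split a 60-character bcrypt hash into prefix, cost, salt and digest."""
    m = HASH_RE.fullmatch(hash_string)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    prefix, cc, salt, digest = m.groups()
    cost = int(cc)
    return {
        "prefix": prefix,
        "cost": cost,
        "rounds": 2 ** cost,          # number of rounds = 2^cost
        "salt": decode_salt(salt),    # 128-bit salt as raw bytes
        "digest": digest,             # 31 base-64 digits, left encoded
    }


def below_recommended(hash_string, minimum=12):
    """True when a stored hash uses a cost factor under the given minimum."""
    return parse_bcrypt(hash_string)["cost"] < minimum


if __name__ == "__main__":
    sample = "$2y$12$UzKl7mitlZJt52PAMemYmeb9YUC9XhvX6DlbtbaVtdqI32TCPPCj6"
    info = parse_bcrypt(sample)
    print(info["prefix"], info["cost"], info["rounds"], info["salt"].hex())
    print("needs a higher cost:", below_recommended(sample))
```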
For more information on bcrypt, see the Wikipedia article.
See here for more information on PHP's password_hash function, and here for more information on the cost and salt parameters.
Thanks to the incredible docopt PHP library, which made the documentation and command-line argument processing a breeze.