lassir / bcrypt-samp Goto Github PK

View Code? Open in Web Editor NEW

24.0 4.0 13.0 662 KB

An implementation of the bcrypt hashing algorithm for SA-MP

License: MIT License

Makefile 1.99% C++ 77.79% C 3.95% Assembly 3.06% Roff 11.82% Pawn 1.39%

sa-mp bcrypt

bcrypt-samp's Introduction

Bcrypt for SA-MP

An implementation of bcrypt password hashing library for Pawn, written in C/C++.

Benefits of bcrypt

All passwords are automatically salted
Bcrypt is slow, which makes offline bruteforce attacks less efficient
The work factor can be increased as the computers become more powerful

Functions

bcrypt_hash(const key[], cost = 12, const callback_name[], const callback_format[] = "", {Float, _}:...);
bcrypt_check(const password[], const hash[], const callback_name[], const callback_format[] = "", {Float, _}:...);
bcrypt_get_hash(dest[]);
bcrypt_is_equal();
bcrypt_needs_rehash(const hash[], cost);
bcrypt_find_cost(time_target = 250);
bcrypt_set_thread_limit(value);
bcrypt_debug(BCRYPT_DEBUG_LEVEL:level = BCRYPT_LOG_ERROR);

See the wiki for detailed usage.

Installation

Linux

Copy bcrypt-samp.so to the plugins folder
Add plugins bcrypt-samp.so to server.cfg
Copy bcrypt.inc to the compiler's include directory (pawno/include by default)
Add #include <bcrypt> to your gamemode or filterscript

Windows

Copy bcrypt-samp.dll to the plugins folder
Add plugins bcrypt-samp to server.cfg
Copy bcrypt.inc to the compiler's include directory (pawno/include by default)
Add #include <bcrypt> to your gamemode or filterscript

Usage

Call function bcrypt_hash when you would like to hash user input (e.g. on registration, or when updating the work factor). Once the hash is calculated, the callback defined in the parameters will be called, and the hash can be acquired using bcrypt_get_hash function
Call function bcrypt_check when you would like to verify whether or not user input matches a given hash (e.g. on login). Once the verification is done, the callback defined in the parameters will be called, and the result can be acquired using bcrypt_is_equal function
You can use bcrypt_needs_rehash to check whether or not the hash needs to be updated
If you would like to override the default number of threads used, you may use function bcrypt_set_thread_limit. In most cases, however, the default value is adequate

Example

#include <a_samp>
#include <bcrypt>

#define BCRYPT_COST 12

forward OnPasswordHashed(playerid);
forward OnPasswordChecked(playerid);

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    switch(dialogid)
    {
        case DIALOG_REGISTRATION:
        {
			bcrypt_hash(inputtext, BCRYPT_COST, "OnPasswordHashed", "d", playerid);
        }

        case DIALOG_LOGIN:
        {
            // Variable hash is expected to contain the hash loaded from the database
            bcrypt_check(inputtext, hash,  "OnPasswordChecked", "d", playerid);
        }
    }

    return 1;
}

public OnPasswordHashed(playerid)
{
	new hash[BCRYPT_HASH_LENGTH];
	bcrypt_get_hash(hash);

	printf("Password hashed for player %d: %s", playerid, hash);
	return 1;
}

public OnPasswordChecked(playerid)
{
	new bool:match = bcrypt_is_equal();

	printf("Password checked for %d: %s", playerid, (match) ? ("Match") : ("No match"));
	return 1;
}

bcrypt-samp's People

Contributors

Stargazers

Watchers

Forkers

maddinat0r kaperstone freddyb1 cantbekarma whislire brlivexp mergevos canciftci cailir ivan4745 dev-karpov0

bcrypt-samp's Issues

Version check failed. (2.2.3)

plugin.bcrypt: Version check failed.
(Version 2.2.3)
How can i fix it? This error on the server cmd. (Btw, bcrypt working correctly.)

Some Problem in Latest Version [ 2.2.3 ]

Sometimes the Callback is just Queued, Not Executing but the plugin is properly loaded,

It happens both Windows and Linux Plugins

but it could be fixed like this,

but it is annoying like changing the plugin order and keep on restarting to fix,

hope you fix it soon, Thank you 💖

The Older version [ 2.2.2 ] works good and latest one [ 2.2.3 ] is not working in Open.mp

bcrypt_needs_rehash returns true even when the hash doesn't need rehashing

I am generating my hashes using my UCP in ASP.NET which uses Bcrypt.Net for C#, when I check if the hash needs rehashing in Bcrypt-samp it always says that the hash is in need for rehashing.
The cost in both Bcrypt.net and Bcrypt-samp are similar.

$2a$ not working but could after few changes

I'm using your plugin to encrypt Woltlab Burning Board 4 Passwords.
The passwords using a structure like this.

<?php
var_dump(crypt(crypt('password plain', $hash), $hash));

The password hash is for the password plain test:
$2a$08$H3iFs88PGZDLPgDbiRUV5uEFbWFUJXo5xrWKCEXk5sBsWs8OG9xkS

Your plugin is checking which prefix is used.
https://github.com/lassir/bcrypt-samp/blob/master/src/bcrypt.cpp#L37

But your check is wrong, i think.
https://github.com/lassir/bcrypt-samp/blob/master/src/natives.cpp#L112

Maybe the check function is wrong, too.
I got only "No match" ...

Could you fix this please?

bcrypt v2.2.2 works but the latest doesn't

Well on Linux I encountered problems with the latest release. I'm using Ubuntu 18.04 LTS (64-bits) and the problem is that it simply loads but the callback in bcrypt_hash doesn't get called at all, it works fine when I use wine and the .dll binary or downgrade to v2.2.2.

native bcrypt_get_hash(const dest[]);

This native writes to dest, thus it shouldn't be const.