bcrypt hashing for PicoLisp
This library can be used to hash strings (ex: passwords) using bcrypt in PicoLisp.
- PicoLisp 64-bit
- Tested up to PicoLisp
v20.6.29, see test runs
- UNIX/Linux development/build tools (gcc, make/gmake, etc..)
These FFI bindings require the bcrypt C library, compiled as a shared library.
maketo pull and compile the bcrypt C Library.
bcrypt.lin your project
- Try the examples below
Linking and Paths
Once compiled, the shared library is symlinked as:
.lib/libbcrypt.so -> .modules/bcrypt/HEAD/libbcrypt.so
bcrypt.l file searches for
.lib/libbcrypt.so, relative to its current directory.
To keep everything updated, type:
git pull && make clean && make
Only the following functions are exported publicly:
- (gensalt Factor) generates a salt to be used for hashing a string
FactorNumber: a Number between 4 and 31, defaults to
- (hashpw Passwd Salt) hashes a string with the salt provided
PasswdString: the String to be hashed
SaltString or Number (optional): a hash String or Number used as a cost Factor (will generate a salt automatically if a Number is provided)
- (compare Passwd Hash) a predicate which compares the password and hash. Returns
PasswdString: the password String
HashString: the hashed String of the password
- (timing Factor) calculates the timing of a password hashing, in seconds. Returns the factor in
carand seconds in
Note: These functions are not namespace local symbols, which means they would redefine symbols with the same name in the
- The default cost Factor is
- As rule of thumb, when using bcrypt to hash passwords, it should take at least 1 second per hash. Adjust the cost Factor based on the result of a few (timing) runs.
'InternalErrormessage will be thrown if there's an error.
pil + (load "bcrypt.l") (gensalt) -> "$2a$12$mQn1fUDeEZFW74KD5kU6g." (gensalt 14) -> "$2a$14$kjOSmjZeLsBdru7NRPEmQu"
(hashpw Passwd Salt)
pil + (load "bcrypt.l") (hashpw "changeme") -> "$2a$12$mmxN/qk8yvfjCx./KXtgfuqnUFsXjYv1ZTZmkMtdQ94rTDngiXpsq" (hashpw "changeme" 14) -> "$2a$14$gZLc8eII8kCbXgFp2rUcv.PPr/oPioojVy0yP0HMU6z2La.v4pEnG" (hashpw "changeme" "$2a$14$kjOSmjZeLsBdru7NRPEmQu") -> "$2a$14$kjOSmjZeLsBdru7NRPEmQuL5eU5YN4Yb48bD1A0Pxzwu/3G/7kwBy"
(compare Passwd Hash)
pil + (load "bcrypt.l") (compare "changeme" "$2a$14$kjOSmjZeLsBdru7NRPEmQuL5eU5YN4Yb48bD1A0Pxzwu/3G/7kwBy") -> T (compare "changeme" "$2a$12$2Lgk0P5s5VsxDUM2aa/HFu/6DwHce1lbUwJ1kTm092DwEeDRHHYBy") -> NIL (catch 'InternalError (compare "changeme" "I have no idea what i'm doing")) -> (BcryptError . "Unable to hash password")
pil + (load "bcrypt.l") (timing) -> (12 . 0) (timing 15) -> (15 . 4)
This library now comes with full unit tests. To run the tests, type:
If you find any bugs or issues, please create an issue.
If you want to improve this library, please make a pull-request.
Copyright (c) 2015-2020 Alexander Williams, Unscramble email@example.com