Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mikejsavage/lua-bcrypt
A bcrypt library for Lua
https://github.com/mikejsavage/lua-bcrypt
Last synced: about 2 months ago
JSON representation
A bcrypt library for Lua
- Host: GitHub
- URL: https://github.com/mikejsavage/lua-bcrypt
- Owner: mikejsavage
- License: other
- Created: 2011-12-16T15:10:58.000Z (almost 13 years ago)
- Default Branch: master
- Last Pushed: 2023-12-11T11:58:44.000Z (10 months ago)
- Last Synced: 2024-04-22T06:23:27.644Z (5 months ago)
- Language: C
- Homepage:
- Size: 189 KB
- Stars: 53
- Watchers: 7
- Forks: 24
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
A Lua wrapper for OpenBSD's bcrypt.
Requirements
------------lua >= 5.1
Installation
------------```
$ luarocks install bcrypt
```Usage
-----```lua
local bcrypt = require("lua-bcrypt")-- Bigger numbers here will make your digest exponentially harder to compute
local log_rounds = 9local digest = bcrypt.digest("password", log_rounds)
assert(bcrypt.verify("password", digest))
````require("bcrypt")` vs `require("lua-bcrypt")`
----------------------------------------------Before lua-bcrypt 2.3-2 you had to use `require("bcrypt")`. I will never drop
support for this so you don't need to modify existing software unless you also
want it to run on Windows.Windows has a system DLL called bcrypt.dll and the name clash makes
`require("bcrypt")` not work. If you want your software to run on Windows you
must use `require("lua-bcrypt")`Security concerns
-----------------Lua will keep plaintext passwords around in memory as part of its string
interning mechanism. As far as I'm aware, there's nothing I can do about this.Tuning
------If you would like to automatically tune the number of rounds to your hardware,
you can include a function like:```lua
function bcrypt.tune(t)
local SAMPLES = 10
local rounds = 5while true do
local total = 0for i = 1, SAMPLES do
local start = os.clock()
bcrypt.digest("asdf", rounds)
local delta = os.clock() - starttotal = total + delta
endif (total / SAMPLES) * 1000 >= t then
return rounds - 1
endrounds = rounds + 1
end
end
```This function returns the largest load factor such that
`bcrypt.digest(str, work)` takes less than `t` milliseconds.