A Lua wrapper for OpenBSD's bcrypt.


Requirements
------------

lua >= 5.1


Installation
------------

    $ luarocks install bcrypt


Usage
-----

    local bcrypt = require( "bcrypt" )

    -- Bigger numbers here will make your digest exponentially harder to compute
    local log_rounds = 9

    local digest = bcrypt.digest( "password", log_rounds )
    assert( bcrypt.verify( "password", digest ) )


Security concerns
-----------------

Lua will keep plaintext passwords around in memory as part of its string
interning mechanism. As far as I'm aware, there's nothing I can do about
this.


Tuning
------

If you would like to automatically tune the number of rounds to your
hardware, you can include a function like:

    -- t: target time for one digest, in milliseconds
    function bcrypt.tune( t )
        local SAMPLES = 10
        local rounds = 5

        while true do
            local total = 0

            -- Time SAMPLES digests at the current cost (os.clock is CPU time in seconds)
            for i = 1, SAMPLES do
                local start = os.clock()
                bcrypt.digest( "asdf", rounds )
                local delta = os.clock() - start

                total = total + delta
            end

            -- Stop once the average reaches t and return the previous cost
            if ( total / SAMPLES ) * 1000 >= t then
                return rounds - 1
            end

            rounds = rounds + 1
        end
    end

This function returns the largest load factor such that `bcrypt.digest(
str, work )` takes less than `t` milliseconds.
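
A tuned round count only applies to digests created afterwards; digests stored earlier keep the cost embedded in them. The following is an added example, not part of the original README or the project's code: it reads the cost from a stored digest and re-hashes after a successful verification. `digest_rounds` and `verify_and_upgrade` are hypothetical helper names, and it assumes digests start with the usual `$2a$NN$` / `$2b$NN$` style prefix.

```lua
local bcrypt = require( "bcrypt" )

-- Read the cost (log2 of the round count) from a digest such as
-- "$2b$09$...". Returns nil if the string does not look like bcrypt.
local function digest_rounds( digest )
    local cost = digest:match( "^%$2[abxy]?%$(%d%d)%$" )
    return cost and tonumber( cost )
end

-- Returns ok, new_digest. new_digest is non-nil only when the password
-- is correct and the stored digest is weaker than target_rounds (or its
-- cost cannot be read); the caller should then store it.
local function verify_and_upgrade( password, stored, target_rounds )
    if not bcrypt.verify( password, stored ) then
        return false, nil
    end

    local rounds = digest_rounds( stored )
    if rounds and rounds >= target_rounds then
        return true, nil
    end

    return true, bcrypt.digest( password, target_rounds )
end

-- Constructed sample data: a digest created with an old, low cost
local stored = bcrypt.digest( "correct horse", 5 )
local target_rounds = 7 -- in practice, e.g. the result of bcrypt.tune( 250 )

assert( digest_rounds( stored ) == 5 )

-- A wrong password never triggers a re-hash
local ok, upgraded = verify_and_upgrade( "wrong guess", stored, target_rounds )
assert( not ok and upgraded == nil )

-- A correct password against a weak digest yields a stronger replacement
ok, upgraded = verify_and_upgrade( "correct horse", stored, target_rounds )
assert( ok and digest_rounds( upgraded ) == target_rounds )
assert( bcrypt.verify( "correct horse", upgraded ) )

-- A digest already at the target cost is left alone
ok, upgraded = verify_and_upgrade( "correct horse", upgraded, target_rounds )
assert( ok and upgraded == nil )
```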