Tcl module for bcrypt, a password-hashing function.

Contact: neophytos (at) gmail (dot) com

bcrypt-tcl git repo

bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher, and presented at USENIX in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

package require bcrypt

set salt [::bcrypt::gensalt 15]
# $2a$15$2rmMs5kDAKqq2q1XJQtEre

set hash [::bcrypt::hashpw "password" $salt]
# $2a$15$2rmMs5kDAKqq2q1XJQtEre5qG.qJpLJlNrk5Zb3Mv7cgn0JBK4xR2

set match_correct_pw [::bcrypt::checkpw "password" $hash]
puts match_correct_pw=$match_correct_pw
# match_correct_pw=1

set match_incorrect_pw [::bcrypt::checkpw "hello world" $hash]
puts match_incorrect_pw=$match_incorrect_pw
# match_incorrect_pw=0
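
The adaptive cost described above is recorded in the hash string itself (the 15 in $2a$15$...), so a stored hash can be compared against a current target and upgraded at the next successful login. The following is an added example, not code from bcrypt-tcl: the proc names parse_bcrypt_hash, needs_rehash and verify_and_upgrade and the target cost of 12 are assumptions, and the "legacy" string is constructed.

```tcl
# Added example (not bcrypt-tcl code). Proc names and target cost are assumptions.

# Split "$<version>$<cost>$<22-char salt><31-char digest>" into its fields.
proc parse_bcrypt_hash {hash} {
    set re {^\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$}
    if {![regexp $re $hash -> version cost salt digest]} {
        error "not a well-formed bcrypt hash"
    }
    # scan with %d reads "08" as decimal 8; expr would reject it as bad octal.
    scan $cost %d cost
    if {$cost < 4 || $cost > 31} {
        error "bcrypt cost $cost is outside 4..31"
    }
    return [dict create version $version cost $cost salt $salt digest $digest]
}

# 1 if the stored hash was made with a lower cost than the current target.
proc needs_rehash {hash target_cost} {
    return [expr {[dict get [parse_bcrypt_hash $hash] cost] < $target_cost}]
}

# Login-time upgrade; needs "package require bcrypt" before it is called.
# Returns {ok hash}: hash is a replacement to store, or the old one unchanged.
proc verify_and_upgrade {password stored target_cost} {
    if {![::bcrypt::checkpw $password $stored]} {
        return [list 0 $stored]
    }
    if {[needs_rehash $stored $target_cost]} {
        set stored [::bcrypt::hashpw $password [::bcrypt::gensalt $target_cost]]
    }
    return [list 1 $stored]
}

# Hash string shown on this page (cost 15).
set stored {$2a$15$2rmMs5kDAKqq2q1XJQtEre5qG.qJpLJlNrk5Zb3Mv7cgn0JBK4xR2}
# Constructed sample: same string with the cost field rewritten to 08.
# It only exercises the parser and is not a valid hash of any password.
set legacy [string map {{$15$} {$08$}} $stored]

foreach {label h} [list page $stored legacy $legacy] {
    set cost [dict get [parse_bcrypt_hash $h] cost]
    puts "${label}: cost=$cost (2^$cost iterations) rehash_at_12=[needs_rehash $h 12]"
}
```

The re-hash in verify_and_upgrade can only happen at login, because that is the one moment the plaintext password is available to feed into hashpw.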