A Lua wrapper for OpenBSD's bcrypt.
lua >= 5.1
$ luarocks install bcrypt
local bcrypt = require( "bcrypt" ) -- Bigger numbers here will make your digest exponentially harder to compute local log_rounds = 9 local digest = bcrypt.digest( "password", log_rounds ) assert( bcrypt.verify( "password", digest ) )
Lua will keep plaintext passwords around in memory as part of its string interning mechanism. As far as I'm aware, there's nothing I can do about this.
If you would like to automatically tune the number of rounds to your hardware, you can include a function like:
function bcrypt.tune( t ) local SAMPLES = 10 local rounds = 5 while true do local total = 0 for i = 1, SAMPLES do local start = os.clock() bcrypt.digest( "asdf", rounds ) local delta = os.clock() - start total = total + delta end if ( total / SAMPLES ) * 1000 >= t then return rounds - 1 end rounds = rounds + 1 end end
This function returns the largest load factor such that
bcrypt.digest( str, work ) takes less than