To support BCrypt-hashed login passwords in KEYBOX I ported the excellent Java implementation by Damien Miller to Objective-C. iOS 4.0 unfortunately does not offer this algorithm out of the box the way it does SHA-256 and AES-256, so many iOS developers are rolling their own or giving up and settling on SHA-256.
Why use BCrypt instead of SHA-256 to one-way hash passwords?
Recently there have been advances in using high-performance graphics cards (GPUs) to speed up the brute-force discovery of passwords hashed with SHA-256. BCrypt is resilient against this strategy because it employs a deliberately slow, tunable work factor in its hashing. This is why KEYBOX takes a little while to log you in: it is one-way hashing the login password with BCrypt at a work factor of 10.
How to use BCrypt in your iOS app.
My ported implementation is called JFBCrypt and relies on two other files, JFGC and JFRandom, which are located with it in my Github repository. As such, it is fairly self-contained and does not require any external dependencies. Just drop these files anywhere in your iOS project and include logic similar to that shown below.
NSString *salt = [JFBCrypt generateSaltWithNumberOfRounds:10];
NSString *hashedPassword = [JFBCrypt hashPassword:password withSalt:salt];
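As an added example (not code from the original post or from the JFBCrypt repository), here is how those two calls fit into a registration and login flow. It assumes JFBCrypt.h is in the project and that, like the Java original, hashPassword:withSalt: accepts a previously produced hash string as the salt argument, so the cost and salt embedded in the stored hash are reused for verification; the hashForStorage and passwordMatches helpers are hypothetical names.

```objectivec
#import <Foundation/Foundation.h>
#import "JFBCrypt.h"

// Work factor for this app; 10 matches the KEYBOX setting described above.
static const NSInteger kBCryptRounds = 10;

// Registration: hash the new password with a fresh random salt and return
// the string to persist. BCrypt embeds the cost and salt in its output, so
// nothing else needs to be stored alongside it.
static NSString *hashForStorage(NSString *password) {
    NSString *salt = [JFBCrypt generateSaltWithNumberOfRounds:kBCryptRounds];
    return [JFBCrypt hashPassword:password withSalt:salt];
}

// Login: re-hash the candidate using the stored hash as the salt argument
// (assumption: the port parses cost and salt out of a full hash string the
// way jBCrypt's hashpw does) and compare the two hash strings.
static BOOL passwordMatches(NSString *candidate, NSString *storedHash) {
    NSString *recomputed = [JFBCrypt hashPassword:candidate withSalt:storedHash];
    const char *a = [recomputed UTF8String];
    const char *b = [storedHash UTF8String];
    size_t lenA = strlen(a), lenB = strlen(b);
    if (lenA != lenB) return NO;
    // Touch every byte regardless of where the first mismatch is, so the
    // comparison time does not reveal how much of the hash matched.
    unsigned char diff = 0;
    for (size_t i = 0; i < lenA; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        // Constructed sample password; in a real app this comes from the UI.
        NSString *stored = hashForStorage(@"correct horse battery staple");
        NSLog(@"stored hash: %@", stored);
        NSLog(@"right password matches: %d",
              passwordMatches(@"correct horse battery staple", stored));
        NSLog(@"wrong password matches: %d",
              passwordMatches(@"Tr0ub4dor&3", stored));
    }
    return 0;
}
```

Each passwordMatches call costs a full BCrypt computation at the stored work factor, which is the intended behaviour: the same slowdown that makes KEYBOX logins take a moment is what limits an attacker's guessing rate.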
JFBCrypt is covered under the very liberal Apache license and can be included in both open-source and closed-source apps. Damien Miller's original license is also included in accordance with his wishes.
If you have any questions or feedback feel free to contact me at firstname.lastname@example.org.