security.BCrypt.HashPassword
Creates a hash password.
Syntax
security.BCrypt.HashPassword(
password STRING,
salt STRING )
RETURNS STRING
- password defines the password to hash. The password is limited to 72 bytes.
- salt defines an encoded value
generated by
GenerateSalt()
that has a dedicated format. If the same hash value is computed again on another application, the same salt must be used. The format of the salt value follows this example:$2a$cost$modified_base64_encoded
(random value of 16-byte length). If salt is NULL, theHashPassword
method will generate one with a cost of 10.
Usage
The resulting hash password is composed of the version, the cost, and the salt+cipher separated
by $, as in this example:
$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q
where:
- "
2a
" is the version of BCrypt. The current API supports 2a to 2z. - "
12
" is the cost. - The remainder is the salt + cipher result concatenated and encoded in "modified" base64:
- The first 22 characters ("
EXRkfkdmXn2gzds2SSitu.
" in our example) decode to a 16-byte value for the salt. - The remaining characters ("
MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q
" in our example) are cipher text.
- The first 22 characters ("
This method may raise exception -15700 (operation failed) or -15701 (invalid parameter).
In case of error, the method throws an exception and sets the
status
variable. Depending on the error, a human-readable description of the
problem is available in the sqlca.sqlerrm
register. See Error handling in GWS calls (status).
For an example using
BCrypt
methods, see Example: Using security.BCrypt methods.