We have implemented bcrypt and deployed it as part of the OpenBSD operating system. Bcrypt has been the default password scheme since OpenBSD 2.1.
An important requirement of any bcrypt implementation is that it exploit the full 128-bit salt space. OpenBSD generates the 128-bit bcrypt salt from an arcfour (arc4random(3)) key stream, seeded with random data the kernel collects from device timings.
OpenBSD lets administrators select a password hashing scheme through a special configuration file, passwd.conf(5). passwd.conf allows detailed control over which type of password to use for a given user or group. It also permits different password schemes for local and YP passwords. For bcrypt, one can also specify the cost. This lets administrators raise the password verification time as processor speed increases. At the time of publication, the default cost is 6 for a normal user and 8 for the superuser. Of course, whatever cost people choose should be reevaluated from time to time.
To differentiate between passwords hashed by different algorithms, every password function other than the original crypt prefixes its output with a version identifier. Thus a single password file can contain several types of password. In the current OpenBSD implementation, bcrypt passwords start with "$2a$", while MD5 crypt passwords start with "$1$". Because the result of traditional crypt never begins with a "$", there is never any ambiguity.
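The prefix scheme and the cost field described above, turned into a small audit helper. This is an added example, not OpenBSD's own code: it classifies a password-file field by its version prefix, extracts the bcrypt cost and decodes the 22-character salt field back to its 16 bytes using bcrypt's own base64 alphabet; the sample entries in the test are constructed, not real hashes, and the minimum-cost policy is an assumed site choice.

```python
"""Audit helper: classify an OpenBSD password hash by its version prefix
and decode the 128-bit bcrypt salt. Added example, not OpenBSD's own code."""
import re
from dataclasses import dataclass
from typing import Optional

# bcrypt's own base64 alphabet (not the RFC one): "./", then A-Z, a-z, 0-9
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $2a$ + two-digit cost + $ + 22 salt chars (132 bits, 128 used) + 31 hash chars
_BCRYPT_RE = re.compile(r"^\$2a\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
_DES_RE = re.compile(r"^[./A-Za-z0-9]{13}$")  # traditional crypt(3) output


def bcrypt_b64_decode(s: str, nbytes: int) -> bytes:
    """Unpack 6-bit groups big-endian; surplus trailing bits are discarded."""
    bits = 0
    for ch in s:
        bits = (bits << 6) | BCRYPT_B64.index(ch)
    return (bits >> (6 * len(s) - 8 * nbytes)).to_bytes(nbytes, "big")


@dataclass
class HashInfo:
    scheme: str                   # "bcrypt", "md5crypt", "traditional" or "unknown"
    cost: Optional[int] = None    # bcrypt only: log2 of the key-setup iteration count
    salt: Optional[bytes] = None  # bcrypt only: the decoded 16-byte salt


def classify_hash(field: str) -> HashInfo:
    """Tell the schemes apart the way the paper describes: by the '$' prefix."""
    m = _BCRYPT_RE.match(field)
    if m:
        return HashInfo("bcrypt", int(m.group(1)), bcrypt_b64_decode(m.group(2), 16))
    if field.startswith("$1$"):
        return HashInfo("md5crypt")
    if _DES_RE.match(field):  # never starts with '$', so there is no ambiguity
        return HashInfo("traditional")
    return HashInfo("unknown")


def below_minimum_cost(field: str, minimum: int) -> bool:
    """Flag bcrypt entries whose cost has fallen behind a site's chosen minimum
    (an assumed policy; the paper's defaults were 6 for users and 8 for root)."""
    info = classify_hash(field)
    return info.scheme == "bcrypt" and info.cost < minimum
```

Running classify_hash over every field of a password file and below_minimum_cost with the site's current minimum gives the periodic cost re-evaluation the text recommends.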
[Table header residue: column groups digits, lowercase, lowercase, mixed case, mixed case, keyboard; the table's rows are not on this page.]