@realrasengan
Created June 16, 2016 23:01
bcrypt password hashing
by rasengan <rasengan on Rizon or Freenode>
1. Added to weechat/src/plugins/relay/CMakeLists.txt

    weechat/bcrypt/bcrypt.c weechat/bcrypt/bcrypt.h
    weechat/bcrypt/crypt_blowfish/crypt_gensalt.h
    weechat/bcrypt/crypt_blowfish/crypt_blowfish.c
    weechat/bcrypt/crypt_blowfish/crypt.h weechat/bcrypt/crypt_blowfish/ow-crypt.h
    weechat/bcrypt/crypt_blowfish/wrapper.c
    weechat/bcrypt/crypt_blowfish/crypt_blowfish.h
    weechat/bcrypt/crypt_blowfish/crypt_gensalt.c)
    set_target_properties(relay PROPERTIES PREFIX "")

2. Cloned https://github.com/rg3/bcrypt into weechat/src/plugins/relay/weechat/bcrypt
3. Changed if (strcmp (password, pos) == 0) to (bcrypt_checkpw(pos, password) == 0) in weechat/src/plugins/relay/weechat/relay-weechat-protocol.c

    mkdir weechat/build
    cd weechat/build
    cmake ..
    make
    make install

Now you can send hashed passwords. That said, remember, unless your connection is encrypted, you should NEVER send a password over plaintext.
The benefit of this is simply that you do not need to SAVE your password in PLAINTEXT in your ~/.weechat/relay.conf file. chmod 0600 doesn’t protect you from root after all.
This is only tested in Linux. OpenBSD has the same bcrypt so you should be good there too. Sorry it’s not portable :(
I just did this right now so don't actually trust this for any real security until some people in the community review. It could be really messed up. I don't really know how weechat works and just found the strcmp line that checked the password and simply replaced it with a hash checking function.
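
After step 3, the password value kept in relay.conf has to be a bcrypt hash string rather than the plaintext password. The following is an added example, not code from this gist, WeeChat or rg3/bcrypt: a hypothetical helper, bcrypt_hash_cost(), that checks whether a configured value has the standard 60-character bcrypt layout and reports its cost factor, run on constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of WeeChat or rg3/bcrypt): returns the cost
 * factor (4..31) if s is a well-formed 60-character bcrypt hash string with a
 * $2a$, $2b$ or $2y$ prefix, or -1 otherwise. Format check only. */
int bcrypt_hash_cost(const char *s)
{
    static const char alphabet[] =
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    int cost;
    size_t i;

    if (s == NULL || strlen(s) != 60)
        return -1;
    /* version prefix: "$2a$", "$2b$" or "$2y$" */
    if (s[0] != '$' || s[1] != '2' || strchr("aby", s[2]) == NULL || s[3] != '$')
        return -1;
    /* two-digit cost followed by '$' */
    if (s[4] < '0' || s[4] > '9' || s[5] < '0' || s[5] > '9' || s[6] != '$')
        return -1;
    cost = (s[4] - '0') * 10 + (s[5] - '0');
    if (cost < 4 || cost > 31)
        return -1;
    /* 22 salt characters + 31 hash characters in bcrypt's base64 alphabet */
    for (i = 7; i < 60; i++)
        if (strchr(alphabet, s[i]) == NULL)
            return -1;
    return cost;
}

int main(void)
{
    /* Constructed samples: format-valid filler (not the hash of any real
     * password), a plaintext value, and a hash string with too low a cost. */
    const char *samples[] = {
        "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
        "hunter2",
        "$2b$03$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-62s -> %d\n", samples[i], bcrypt_hash_cost(samples[i]));
    return 0;
}
```

A return value of -1 for the configured password means relay.conf still holds something other than a bcrypt hash, such as the old plaintext value.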