security.BCrypt.HashPassword

Creates a hash password.

Syntax

security.BCrypt.HashPassword(
   password STRING,
   salt STRING )
  RETURNS  STRING
  1. password defines the password to hash. The password is limited to 72 bytes.
  2. salt defines an encoded value generated by GenerateSalt() that has a dedicated format. If the same hash value is computed again on another application, the same salt must be used. The format of the salt value follows this example: $2a$cost$modified_base64_encoded (random value of 16-byte length). If salt is NULL, the HashPassword method will generate one with a cost of 10.

Usage

The resulting hash password is composed of the version, the cost, and the salt+cipher separated by $, as in this example:
$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q

where:

  • "2a" is the version of BCrypt. The current API supports 2a to 2z.
  • "12" is the cost.
  • The remainder is the salt + cipher result concatenated and encoded in "modified" base64:
    • The first 22 characters ("EXRkfkdmXn2gzds2SSitu." in our example) decode to a 16-byte value for the salt.
    • The remaining characters ("MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" in our example) are cipher text.

This method may raise exception -15700 (operation failed) or -15701 (invalid parameter).

In case of error, the method throws an exception and sets the STATUS variable. Depending on the error, a human-readable description of the problem is available in the SQLCA.SQLERRM register. See Error handling in GWS calls (STATUS).

For an example using BCrypt methods, see Example: Using security.BCrypt methods.