SA-MP Forums

Go Back   SA-MP Forums > SA-MP Scripting and Plugins > Plugin Development

Thread Tools Display Modes
Old 25/07/2013, 12:59 PM   #1
Huge Clucker
Join Date: Mar 2011
Location: Finland
Posts: 215
Reputation: 80
Default Bcrypt (Password hash)

Bcrypt for SA-MP

Latest release: v2.2.3 (Jan 31, 2015)

Source code
Change log


Bcrypt is a hash function designed particularly for passwords, which implements an
automatic salt on all passwords, and allows the work factor to be changed as the computers
become more powerful.

Bcrypt is widely recommended, and often considered as the most secure method for hashing passwords. Source

  • All passwords are automatically salted.

  • Bcrypt is slow, which makes offline bruteforce attacks very hard (depends on the work factor).

  • The work factor can be increased as the computers become more powerful.

  • The plugin is multi threaded, so the impact on server performance is negligible.

  • Compatible with PHP's password_verify() and password_hash() functions.


With sampctl

sampctl package install lassir/bcrypt-samp:v2.2.3
  • Download the latest version of the plugins here.
  • Copy the plugin file and the include file to their appropriate directories

  • Include the .inc file in your filterscript or gamemode (#include <bcrypt>)

  • Call function bcrypt_check when you would like to verify whether or not user input matches a given
    hash (e.g. on login). Once the verification is done, the defined callback will be called, and the
    result can be acquired by calling function bcrypt_is_equal() in the callback.

  • If you ever change the cost, you may use bcrypt_needs_rehash function to check if the hash in the
    database should be updated. The function returns true if the hash should be rehashes, and false if the
    hash is up-to-date.


Function bcrypt_get_hash returns the result from bcrypt_hash, which is a 61-character-long string
(60 + null terminator), which is also defined as constant BCRYPT_HASH_LENGTH.

Below is the output for hashing "Hello World!" three times. The hash is completely unique every time,
because a random salt is used when calculating the hash every time.
1. $2y$12$33T1WbJGYD9YVKpBShTDsOOlS3248tApLCndjz28n0cyWZR1HYXy6
2. $2y$12$ExnQyld7o8w0QbWmAJgsJuygOwlFlbMITgzuw9g.6jbnscTd5kSK6
3. $2y$12$ivsAFLaGM52oCZnFe/QKBuoJy0osV8UsbJODPBUxeY3XSBhr739Yi

Cost represents the work factor, which is proportional to the amount of time it takes to calculate a
hash, and thus how secure the hash is. Increasing the cost by one approximately doubles the time
required to calculate the hash. Cost 10-13 should be adequate for most servers. The range of allowed
values for the cost is 4-31.


pawn Code:
#include <a_samp>
#include <bcrypt>

#define BCRYPT_COST 12

forward OnPasswordHashed(playerid);
forward OnPasswordChecked(playerid);

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
            bcrypt_hash(inputtext, BCRYPT_COST, "OnPasswordHashed", "d", playerid);

        case DIALOG_LOGIN:
            // Variable hash is expected to contain the hash loaded from the database
            bcrypt_check(inputtext, hash, "OnPasswordChecked", "d", playerid);

    return 1;

public OnPasswordHashed(playerid)
    new hash[BCRYPT_HASH_LENGTH];
    printf("Password hashed for player %d: %s", playerid, hash);
    return 1;

public OnPasswordChecked(playerid)
    new bool:match = bcrypt_is_equal();
    printf("Password checked for %d: %s", playerid, (match) ? ("Match") : ("No match"));
    return 1;

Trouble shooting

The program canít start because MSVCR120.dll is missing from your computer.

Please download and install the 32-bit version of Visual C++ Redistributable Packages for Visual Studio 2013 (vcredist_x86.exe).

  • Johnson_boy
  • maddinat0r

Last edited by Johnson_boy; 01/08/2020 at 03:38 PM.
Johnson_boy is offline   Reply With Quote
Old 25/07/2013, 01:02 PM   #2
Little Clucker
Poket-Jony's Avatar
Join Date: Mar 2012
Location: Localhost
Posts: 1
Reputation: 0
Default AW: Bcrypt

Nice, i test it
Poket-Jony is offline   Reply With Quote
Old 25/07/2013, 01:17 PM   #3
Join Date: Apr 2012
Posts: 873
Reputation: 303
Default Re: Bcrypt

Finally someone made it.
Good job.
Djole1337 is offline   Reply With Quote
Old 25/07/2013, 01:52 PM   #4
Little Clucker
Join Date: Oct 2007
Posts: 15
Reputation: 0
Default Re: Bcrypt

I looked @ your source and as far as I can say, this could crash your server!
Your call to the callbacks are done in a seperated thread and this can corrupt the amx-stack!

Look @
roschti is offline   Reply With Quote
Old 25/07/2013, 02:24 PM   #5
Join Date: Mar 2010
Location: Germany
Posts: 1,046
Reputation: 359
Default AW: Bcrypt

If you want to use multiple threads, please make it atleast thread safe. As above roschti posted it can corrupt your AMX stack.

Also I don't think it's healthy to create always a new thread, once the native function has been called.
BigETI is offline   Reply With Quote
Old 25/07/2013, 02:30 PM   #6
Huge Clucker
Join Date: Mar 2011
Location: Finland
Posts: 215
Reputation: 80
Default Re: Bcrypt

Thanks for the feedback guys. I've put a warning of this issue to the main post while the issue still persists.

I'll have a look at the mysql plugins and attempt to fix it.
Johnson_boy is offline   Reply With Quote
Old 25/07/2013, 04:33 PM   #7
Huge Clucker
Join Date: Mar 2011
Location: Finland
Posts: 215
Reputation: 80
Default Re: Bcrypt

I think I got it working. Could you check processtick branch ( and see if it looks alright? If it does, I'll merge it to master.
Johnson_boy is offline   Reply With Quote
Old 25/07/2013, 05:54 PM   #8
Edvin's Avatar
Join Date: Dec 2010
Posts: 856
Reputation: 71
Default Re: Bcrypt

Great! Now we aren't obligated to improvise salt for whirlpool hashed passwords!. Excellent work!
Edvin is offline   Reply With Quote
Old 25/07/2013, 07:30 PM   #9
Huge Clucker
Join Date: Oct 2008
Posts: 410
Reputation: 20
Default Re: Bcrypt

Nice release, might consider switching to this over whirlpool hash.
Maxips2 is offline   Reply With Quote
Old 01/12/2014, 11:51 PM   #10
ProKillerpa's Avatar
Join Date: May 2013
Location: Rio Grande do Sul
Posts: 1,203
Reputation: 142
Default Re: Bcrypt

Nostalgia ť oque nos resta...
ProKillerpa is offline   Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

All times are GMT. The time now is 11:47 AM.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.