
Somebody else posted a question about ghostmail (https://www.ghostmail.com/crypto) and whether it looks valid. One of the things that triggered alarm bells for me was the sentence "Account Password (This is sent and stored encrypted using BCRYPT)". Do they simply not know the difference between hashing and encryption, or is there actually a way to encrypt a password with BCRYPT?

trallgorm
  • The key part of bcrypt is that it's one-way. Encryption requires a two-way property. Hashing: one-way, Encryption: two-way – sethmlarson Mar 03 '16 at 21:15
  • @Oasiscircle so is it safe to say that the company's claim is wrong? – trallgorm Mar 03 '16 at 21:16
  • They probably send it by encrypting with SSL/TLS and store it by hashing with bcrypt. I feel like they just left that off to make it shorter. – sethmlarson Mar 03 '16 at 21:18
  • @Oasiscircle, technically you could run CTR with a standard hash function (or a PBKDF like bcrypt), it would just be incredibly slow. – SEJPM Mar 03 '16 at 21:19
  • @SEJPM How do you intend to decrypt a ciphertext constructed with a cryptographic hash function? CTR just converts a block cipher into a stream cipher. – sethmlarson Mar 03 '16 at 21:25
  • @Oasiscircle http://crypto.stackexchange.com/a/3020/23623 How do you normally decrypt in CTR mode? With your encrypt function! – SEJPM Mar 03 '16 at 21:30

2 Answers


In that case, it is probably the password hashing function bcrypt, described by someone who does not distinguish between "hashing" and "encryption". Bad terminology, good function.

It must be said that there is an encryption tool called bcrypt as well, which is known to do things very poorly, as far as encryption tools go. This is occasionally the source of great confusion.

Tom Leek
  • So they're either using the right tool or the wrong one. Glad that's settled. ;) – sethmlarson Mar 03 '16 at 21:19
  • It could be written to appeal to people who don't know what cryptographic hashing is, and so deliberately using the term encryption in a very loose sense. – bdsl Mar 04 '16 at 00:42

I am replying on behalf of GhostMail.

First of all we are sorry for the possible confusion.

The misunderstanding related to encryption vs hashing using the BCRYPT algorithm has been corrected on our website.

As pointed out by Oasiscircle they are obviously two different things for different purposes.

BCRYPT is a key derivation function used to compute a cryptographic hash of a password to store in some database.

It is worth noting that in this case the "Account Password" itself is a cryptographic hash computed at the client side using PBKDF2 with SHA-256 as the hashing algorithm, which performs 5000 rounds of hashing. This technique is also called key stretching.

If you have any further questions about our crypto design, we will be happy to assist.

Mickey Joe
  • Hi, and welcome to secse! We're glad to have you here. It seems you even took the tour. :] Thanks for your input. – Mark Buffalo Mar 04 '16 at 17:05
  • So, you send an account salt to the client, perform a 5000 iteration client side hash, then the client sends the hash over SSL to you, and you derive a key using bcrypt, which is then used to authenticate the user? – Richie Frame Mar 05 '16 at 01:15
  • The salt is inserted at the client side and is based on the username and the domain. The client then sends the hash computed by pbkdf2 over TLS and on the server side this hash is used to compute another hash with bcrypt, which is then stored and used to authenticate the user. – Mickey Joe Mar 05 '16 at 12:52
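The two-stage scheme described in the answer and its comments, as an added example that is not GhostMail's code: the client stretches the password with PBKDF2-SHA256 for 5000 rounds using a salt built from the username and domain, and the server bcrypts what it receives with its own random salt. The exact salt layout (`username@domain`) and the 32-byte client output length are assumptions; the page gives neither. The `bcrypt` package is third-party and is imported lazily so the client-side part runs without it.

```python
import hashlib

CLIENT_ROUNDS = 5000   # round count stated in the answer
CLIENT_DKLEN = 32      # one SHA-256 output; assumed, not stated on the page


def client_salt(username: str, domain: str) -> bytes:
    # The answer only says the salt is "based on the username and the domain";
    # this layout is an assumption. A deterministic salt means the server can
    # verify without a round trip, but two users with the same name on the same
    # domain would share it, so it must be unique per account.
    return f"{username.lower()}@{domain.lower()}".encode("utf-8")


def client_stretch(password: str, username: str, domain: str) -> bytes:
    """Key stretching on the client: this value, not the password, is what
    leaves the browser and travels over TLS to the server."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        client_salt(username, domain), CLIENT_ROUNDS, dklen=CLIENT_DKLEN)


def server_store(client_hash: bytes) -> bytes:
    """Server side: bcrypt the received hash with a fresh random salt so a
    leaked database still cannot be replayed directly as a login credential.
    bcrypt treats its input as a C string (stops at the first NUL byte) and
    ignores everything past 72 bytes, so the 32 raw bytes are hex-encoded
    first: 64 printable ASCII characters, no NUL, under the limit."""
    import bcrypt  # third-party package (assumed installed on the server)
    return bcrypt.hashpw(client_hash.hex().encode("ascii"), bcrypt.gensalt())


def server_verify(client_hash: bytes, stored: bytes) -> bool:
    """Constant-time comparison of the bcrypt of a fresh client hash against
    the stored record, using the salt embedded in that record."""
    import bcrypt
    return bcrypt.checkpw(client_hash.hex().encode("ascii"), stored)


if __name__ == "__main__":
    # Constructed sample credentials, not real accounts.
    h = client_stretch("correct horse battery staple", "alice", "ghostmail.com")
    record = server_store(h)
    print(record.decode("ascii"))
    print(server_verify(h, record))
```

Note that the server still has to rate-limit and bcrypt the received hash: from the server's point of view the PBKDF2 output *is* the password, so client-side stretching raises the cost of offline guessing against a stolen database but does not replace server-side hashing.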