8

I'm looking for a reference about the weird initial BCrypt text "OrpheanBeholderScryDoubt".

  • Why was this string used?
  • Would using 192 zeros or ones not have worked well in practice for some reason?
  • Was that just four random dictionary words (orphean, beholder, scry, doubt), or is there some special meaning to the bcrypt authors, maybe some kind of cryptography joke that flew over my head?

The Google results have so many hits where the magic string is mentioned, in pseudocode or description of the implementation, that I am unable to find relevant historical explanations (if any exist).

wim

2 Answers

15

OrpheanBeholderScryDoubt

This isn't authoritative, since I couldn't find a reference, but I found the commit where the string was introduced dated 1997/02/16.

The earlier version used the string OpenBSDbcrypthashfunc, since it was designed to be used with OpenBSD (it is the default on OpenBSD). The new string keeps the same initials OpenBSD (OrpheanBeholderScryDoubt) as a nod to its origins.

So all things point to it just being an arbitrary 24-character string with a nod to OpenBSD.

ryanc
Nemo
0

To discuss this more generally:

Why was this string used?

This type of string is a nothing-up-my-sleeve number (in reference to a magician about to show a trick). These are generally chosen to avoid suspicion that they are a carefully crafted backdoor.

Would using 192 zeros or ones not have worked well in practice for some reason?

Some "magic" constants could be anything. But this is not true for all (Salsa). But the mark of a good "magic" constant is that there are plenty of degrees of freedom for the chooser.

Was that just four random dictionary words (orphean, beholder, scry, doubt), or is there some special meaning to the bcrypt authors, maybe some kind of cryptography joke that flew over my head?

@Nemo seems to have addressed this as thoroughly as might exist.

foreverska