Is the execution time for bcrypt independent of the length of the input string?

Question

i.e.

Should the execution time of

bcrypt.hashpw('input_string', bcrypt.gensalt(12))

and

bcrypt.hashpw('arbitrarily_longer_input_string', bcrypt.gensalt(12))

be in theory the same.

Is this a something that is guaranteed by the bcrypt algorithm, or is it implementation specific?

This seems to be more suitable for [Crypto.SE](http://crypto.stackexchange.com). — Adi, May 02 '13 at 14:45
I wasn't aware of the Crypto.SE. Thanks. Should I remove this question if I cross-post to there? — mmcnickle, May 02 '13 at 14:47
You don't need to worry about it, a moderator will take a look at it and perform the appropriate action. — Adi, May 02 '13 at 14:58

score 7 · Accepted Answer · edited Mar 17 '17 at 10:46

Execution time in bcrypt does not depend on the input size; internally, the input string is padded into a fixed-length sequence of bytes, and that sequence is then used throughout the algorithm.

It would be a problem if execution time depended on input size, because the "cost factor" parameter is adjusted to make the execution time as high as is tolerable. The question is relevant, but, fortunately, bcrypt does not have this specific weakness.

Note: input passwords for bcrypt have a maximum size of a few dozen bytes. There are ways around it which involves a pre-hashing step (that step would take a time proportional to the password size, but it would be muuuuuch faster so the time overhead would be negligible, unless you are in the habit of typing passwords of several megabytes, which is impressive but weird).

Ok, I just took a guess. This guy actually knew the answer. I deleted my answer because it was incorrect. — John, May 02 '13 at 15:02

Is the execution time for bcrypt independent of the length of the input string?

1 Answers1