11

Even if I choose 1 character for my password or 32 characters with numbers, letters, uppercase symbols etc. the bcrypted password will still be 60 characters length password. So does the password strength matter when using bcrypt?

xoemab
  • 213
  • 2
  • 5

4 Answers4

21

The "strength" of a password is exactly how much it is unknown to the attacker. It always matters. That strength equates to the number of tries (on average) that the attacker will have to perform in order to guess it.

What bcrypt does is that it makes each try more expensive. With its configurable number of iteration, set sufficiently high, bcrypt can make it so that the attacker cannot try more than one password per second on his machine. This is much better (for you) than a billion tries per second, with a less suitable hash function: it makes cracking your password a billion times harder. However, if your password consists of only one character, the attacker will still find it in less than a minute.

So while bcrypt makes weak passwords more tolerable, it cannot save your skin absolutely.

(Output length of bcrypt is irrelevant for this. It is normal that hash functions have a fixed output size; in fact, if the output size depended on the input size then it would be a weakness, since it would leak information on the password.)

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
  • 1
    Your first sentence was a little bit of an eye opener for me. If you could guarantee (somehow) that attackers would never guess a 1 character password, then it would be the strongest password around. Unfortunately, I don't think that's how attackers work, but as a thought experiment of *attackers will never try [given range of passwords]* it kind of turned a light on inside. – corsiKa Jun 17 '14 at 14:42
  • Yeah key-stretchers make guessing more expensive, they don't decrease the number of licks to get to the center of the tootsie roll pop. – Andrew Hoffman Jun 17 '14 at 16:35
  • But that's only three! – Almo Jun 17 '14 at 17:04
  • @corsiKa Do note that password length restrictions you impose on your users is one of the first things an attacker would check, and is easy enough to establish (most often well documented for legit user's convenience). If they realize a single character long passwords are permitted, then that's the low hanging fruit they were hoping to find. – TildalWave Jun 17 '14 at 22:16
  • Oh completely - in fact, I'd venture to say that single character passwords would be brute forceable *manually*. A guarantee like what I mentioned is not practically achievable. A guarantee like "no one will brute force all 64 character passwords" *might* be more achievable, though. And since the possibility of having a class of passwords known to be not entirely brute forced is possible, it was a nice thought experiment to consider a (very strange) world where that class of passwords was length 1. – corsiKa Jun 17 '14 at 22:22
5

What does the strength of your password have to do with the fact that a bcrypt hash happens to be 60 characters long?

If your password is trivial to guess, then it's trivial to guess, no matter how long the resulting hash may be. If you're talking about a single printable ASCII character, then the attacker needs at most 95 attempts to find out the password. No hash algorithm will prevent this.

bcrypt does not magically make every password immune to brute-force attacks. It only makes those attacks harder. Weak passwords do not benefit from this. But if you have a decent password, then bcrypt can make a brute-force attack infeasible by demanding more resources than the attacker has.

Fleche
  • 4,024
  • 1
  • 17
  • 20
1

Strong passwords always matter, because of two concepts that make hacking passwords easier: dictionary attacks and rainbow attacks (often used together for maximum effectiveness). For a dictionary attack, one simply takes every word in the dictionary (and usually two, three, and four words, etc), and tries those combinations first. Given the rather small size of dictionaries, having a password that matches a word in the dictionary makes finding the password trivial. This is why you shouldn't use common names, words, or phrases as passwords.

Rainbow attacks give attackers even more firepower by pre-computing values (say, from a dictionary attack), or even millions of possible random-character passwords. Since they are pre-computed, the attacker only needs to scan their table for your hash, and if there's a match, they know your password immediately. While this is similar in nature to a brute-force attack, the deciding factor here is that the attacker comes at your data already armed with millions or even billions of hashes, which can be scanned in just a couple of seconds for a match. Even if it took the attackers one million seconds to guess the password, they already spent that time even before they found your file. Preparation for the actual attack can drastically reduce the time needed to find the password. Even if they don't find it, they've already eliminated all the passwords they've pre-computed as possible passwords, so the work isn't lost.

So, while there is still a huge space of safe passwords (far more than there are unsafe passwords), some care must be taken to avoid passwords that most likely would appear in a dictionary attack or a rainbow attack. Choosing a combination of letters, numbers, and symbols, but not in common patterns, is important. For example, "h4ck3rz" might seem somewhat safe, but since this is a common "leet-speek" term, you should avoid using it as a password or a part thereof. Also, any passwords less than eight letters long are trivially easy to break, and should also be avoided.

phyrfox
  • 5,724
  • 20
  • 24
  • A rainbow attack is not relevant against standard use of bcrypt (which is normally salted with a large enough random salt that rainbow tables are not feasible). Dictionary attacks still are very feasible against say top 10,000 passwords. https://xato.net/passwords/more-top-worst-passwords/#.U6BmIY1dV6U – Neil Slater Jun 17 '14 at 16:00
0

The question implied is: does a password of 32 characters with numbers, letters, uppercase symbols etc. make sense?

I'd say it's an overkill when being used with Bcrypt in a key derivation function, But at those length there is a choice to use passphrases. The latter may be composed of existing words like:

cater low ebony align scan (spaces added for readability)

The words can be chosen from a rather small dictionary like a 7776 word Diceware-like dictionary. The individual words must be chosen at random! (likewise for individual characters of a password.)

At http://en.wikipedia.org/wiki/Password_strength one can see that a 5-word Diceware phrase is as strong as a 11 character password consisting of a..z A..Z 0..9. If you want to do the math:

a 11 character password: 11^62(possibilities) = 5.23E19 combinations

a five word phrase form a 7776 word dictionary: 7776^5=2.8E19 combinations

won't do the math: a phrase like cater=low=ebOony=align=scan : 1.3E22 combinations (including separators + just One Random Inserted Character)

Dick99999
  • 525
  • 5
  • 8