IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [bcrypt]

BCrypt is an adaptive cryptographic hash function for passwords. It incorporate a salt to protect against rainbow table attacks and is also an adaptive hash - over time it can be made slower and slower so it remains resistant to specific brute-force search attacks against the hash and the salt.

217 questions
14
votes
2 answers

Why should I choose SHA (such as SHa-512), instead of bcrypt or PBKDF2, for FIPS-compliance?

Due to regulation, my company needs to be FIPS-compliant. I was looking at the current list of FIPS-approved cryptographical methods and I notice that neither bcrypt or PBKDF2 are in this list. Does that mean I should use salted SHA-512 for…
John Assymptoth
  • 241
  • 2
  • 5
14
votes
2 answers

Mathematically, how long would it take to crack a bcrypt password hash?

So I'm currently using bcrypt to hash passwords with a randomly generated salt (as seen in the pip bcrypt module), with 12 rounds. I have been looking around, but I cannot find a detailed and clear mathematical way to estimate how long it would take…
madcrazydrumma
  • 242
  • 1
  • 2
  • 7
14
votes
4 answers

Challenging challenge: client-side password hashing and server-side password verification

We have a website where users need to log in to access privileged information. Obviously we are using SSL, but I also want to avoid plaintext passwords from accidently ending up in server logs, or wandering eyes of administrators. Therefore, I want…
Jason Smith
  • 1,551
  • 2
  • 11
  • 12
13
votes
3 answers

BCrypt's 72-character limit and using it as a general digest algorithm

Goal: have token/cookie-based authentication that doesn't require keeping sessions on the server TL;DR: What, if any, is the accepted mechanism to work around the 72-character limitation of BCrypt? Long version: After reading this answer I attempted…
Gijs
  • 233
  • 2
  • 6
12
votes
4 answers

What are the pros and cons of using sha256 to hash a password before passing it to bcrypt?

I recently became aware of the fact that bcrypt truncates passwords to 72 characters. Practically speaking my intuition is that this does not pose any major security problems. However, I understand that it does mean any software libraries that use…
Dan Tao
  • 281
  • 2
  • 6
12
votes
2 answers

Does bcrypt compare the hashes in "length-constant" time?

I saw this function slowEquals() while reading Salted Password Hashing - Doing it Right, which uses a byte-level xor comparison to avoid timing attacks. I was wondering whether this is what Bcrypt also does to avoid timing attacks. I use Openwall…
DevD
  • 257
  • 2
  • 7
11
votes
4 answers

Is it good practice to SHA512 passwords prior to passing them to bcrypt?

I want to allow any-sized passwords to be allowed to be submitted. I currently use bcrypt as a key derivation function for passwords, however I have realized that it has a maximum input length of 72. Because of this, I would like to sha512…
InvokeStatic
  • 133
  • 1
  • 5
11
votes
4 answers

Does the strength of password matter in bcrypt?

Even if I choose 1 character for my password or 32 characters with numbers, letters, uppercase symbols etc. the bcrypted password will still be 60 characters length password. So does the password strength matter when using bcrypt?
xoemab
  • 213
  • 2
  • 5
11
votes
2 answers

“Official statement” on php.net : CRYPT_BLOWFISH is strongest hash algorithm. Why?

First: I asked this question on stackoverflow and was kindly asked to post this here again. See the original question here. According to the [early] doc pages of the new PHP 5.5 password hashing/encrypting API the used algorithm CRYPT_BLOWFISH is…
Sliq
  • 259
  • 2
  • 9
11
votes
2 answers

safe to use jBCrypt and recommend it to my organization?

I'd like to recommend to my fellow developers that we all use bcrypt to hash stored passwords. We all use java and I hesitate to recommend jBCrypt only because its latest version number (0.3) indicates that it is a beta release. I see that recent…
mcgyver5
  • 6,807
  • 2
  • 24
  • 45
11
votes
3 answers

How should I choose a difficulty factor for my password hashing function?

Assuming that I'm doing password hashing properly and using bcrypt, scrypt or PBKDF2, how should I go about choosing an appropriate difficulty factor? i.e rounds for bcrypt, iterations for PBKDF2 and maxtime, maxmem or maxmemfrac for scrypt. Also…
Ladadadada
  • 5,163
  • 1
  • 24
  • 41
10
votes
2 answers

How were weak passwords brute forced in github?

Github faced a brute force password-guessing attack recently that involved "nearly 40K unique IP addresses". Passwords were also "stored properly" using bcrypt, (salt + hashed). Given that bcrypt generates a random salt per password and that the…
qnoid
  • 253
  • 1
  • 5
10
votes
3 answers

Does NIST really recommend PBKDF2 for password hashing?

We hesitated between BCrypt and PBKDF2 for password hashing. In many forums and blogs people say something like "In their Special Publication SP 800-132 NIST basically recommends using PBKDF2 for password hashing." This may be a very important…
Lachezar Balev
  • 537
  • 1
  • 3
  • 10
9
votes
6 answers

Should I hash a password if it is randomly generated

The best practice is we should hash a user password using algorithms such as bcrpyt to protect the user, however, given the following conditions, is hashing in the backend still matters? the password is randomly generated by backend with enough…
Ryan
  • 467
  • 1
  • 5
  • 13
9
votes
3 answers

bcrypt: random salt vs computed salt

I'm pretty new to the whole password hashing business, so I might be missing something obvious. I was looking at the bcrypt algorithm, in particular BCrypt.Net, and I was wondering if it wouldn't be more secure to compute a unique salt for each user…
Marc
  • 193
  • 1
  • 2
  • 8
1 2
3
14 15