Questions tagged [bcrypt]

BCrypt is an adaptive cryptographic hash function for passwords. It incorporates a per-password salt to protect against rainbow-table attacks, and its cost factor can be raised over time so that brute-force search against a given hash and salt stays expensive as hardware gets faster.
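As an added example (not part of the tag wiki or of any question below), here is a small Python check that reads the cost and salt back out of a stored bcrypt string and decides whether a hash needs to be recomputed at the current cost policy. It needs no bcrypt library: the sample string is constructed for illustration (syntactically valid, not the output of hashing any password), and `checkpw`/`hashpw` are injected stand-ins with assumed signatures for a real library's functions such as `bcrypt.checkpw` and `bcrypt.hashpw`.

```python
import re
from dataclasses import dataclass
from typing import Callable, Tuple

# Stored bcrypt strings use modular-crypt format:
#   $<ident>$<cost>$<22-char salt><31-char digest>
# where ident is 2, 2a, 2b, 2x or 2y and salt/digest use bcrypt's own
# base64 alphabet (./A-Za-z0-9). The cost and salt are stored in the clear,
# which is exactly what an attacker reads before running a dictionary attack
# on one hash; only the work factor 2**cost makes each guess expensive.
_BCRYPT_RE = re.compile(
    r"^\$(?P<ident>2[abxy]?)\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)


@dataclass(frozen=True)
class BcryptParams:
    ident: str
    cost: int
    salt: str
    digest: str


def parse_bcrypt(stored: str) -> BcryptParams:
    """Split a stored bcrypt string into its parameters, rejecting malformed input."""
    m = _BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt modular-crypt string")
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:  # bcrypt's defined cost range
        raise ValueError(f"cost {cost} outside bcrypt's 4..31 range")
    return BcryptParams(m.group("ident"), cost, m.group("salt"), m.group("digest"))


def is_bcrypt(stored: str) -> bool:
    """True when the string parses as a well-formed bcrypt hash."""
    try:
        parse_bcrypt(stored)
        return True
    except ValueError:
        return False


def needs_rehash(stored: str, min_cost: int) -> bool:
    """True when the hash was produced with a lower cost than current policy."""
    return parse_bcrypt(stored).cost < min_cost


def work_factor_ratio(old_cost: int, new_cost: int) -> int:
    """How many times more key-setup work new_cost needs than old_cost (2**delta)."""
    return 2 ** (new_cost - old_cost)


def verify_and_upgrade(
    stored: str,
    password: bytes,
    min_cost: int,
    checkpw: Callable[[bytes, bytes], bool],
    hashpw: Callable[[bytes, int], bytes],
) -> Tuple[bool, str]:
    """Rehash-on-login: the plaintext is only available at login time, so that is
    the moment a too-cheap hash gets recomputed at the current cost.

    checkpw/hashpw are injected stand-ins (assumed signatures) for a real
    library's functions, e.g. bcrypt.checkpw(password, hashed) and
    bcrypt.hashpw(password, bcrypt.gensalt(rounds=min_cost)).
    Returns (authenticated, hash_to_store)."""
    if not checkpw(password, stored.encode()):
        return False, stored
    if needs_rehash(stored, min_cost):
        return True, hashpw(password, min_cost).decode()
    return True, stored


# Constructed sample: a syntactically valid bcrypt string with cost 10; it is
# not the real output of hashing any password.
SAMPLE = "$2b$10$" + "abcdefghijklmnopqrstuv" + "0123456789ABCDEFGHIJKLMNOPQRSTU"


if __name__ == "__main__":
    p = parse_bcrypt(SAMPLE)
    print(f"ident={p.ident} cost={p.cost} salt={p.salt}")
    print("needs rehash at policy cost 12:", needs_rehash(SAMPLE, 12))
    print("work factor 10 -> 12:", work_factor_ratio(10, 12), "x")
```

The parse step is also the defensive one: a stored value that is not a well-formed bcrypt string should fail closed rather than be passed to the library, and the cost range check stops a tampered record from forcing a 2**31 computation on every login.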

217 questions
5 votes, 5 answers

Should BCRYPT be used for client-side password hashing

I am concerned about the use of bcrypt for client-side password generation. I am developing a password generation function to be used client-side, similar to PwdHash and PasswordMaker. Much has been said about the advantage of using bcrypt over…
Ken Clubb
5 votes, 0 answers

Stateless REST API and secure server side password storage

RE: Duplicate - Did anyone actually read my question? The question marked as duplicate is in no way, shape, or form what I'm asking. I specifically state that a DB compromise must not allow an attacker access. Storing a session ID that can be…
5 votes, 4 answers

Does having a list of hashes for the same password compromise the security of the password?

An attacker wants access to a specific account; he doesn't know the password. It's a high entropy password (128+ bits). The attacker has the hash for the password (assuming OWASP-suggested bcrypt with cost 12). The attacker has a list with n hashes…
Justcurious
5 votes, 2 answers

Is single-iteration SHA-256 safe enough for hashing 128-bit random number API keys?

I implemented this kind of authentication for my REST API, is this secure and is my logic sound? I am primarily curious about the SHA-256 hash & iterations = 1 aspect. I have omitted some details and explanations about the other aspects to keep this…
5 votes, 2 answers

Scrypt + Bcrypt = cascade hashing

I've read here that hashing with different algorithms would be a good idea. Can you confirm that? In your experience, is it useful and safe? Does it entail any security holes?
Surfer on the fall
5 votes, 1 answer

Dictionary attack knowing the cipher

Let's suppose I know a website is using BCrypt with salts and the default of 10 rounds. Can I do a dictionary attack by hashing all the words using BCrypt with the same parameters?
Oscar
5 votes, 2 answers

For high entropy credentials, is SHA256 hashing good enough?

Let's say I've got a database of high-entropy credentials (e.g. 256-bit random values) used as API keys by clients. I'd like to hash them in my database so that a database compromise doesn't allow an attacker to access my API with stolen…
Bosh
5 votes, 2 answers

Can you encrypt data using BCRYPT?

Somebody else posted a question about ghostmail (https://www.ghostmail.com/crypto) and whether it looks valid. One of the things that triggered alarm bells for me was the sentence "Account Password (This is sent and stored encrypted using BCRYPT)".…
trallgorm
4 votes, 1 answer

Securely storing passwords using PHP5

Starting note: After going through some articles and answers posted on SO related to storing secured passwords, I'm still not sure whether my way of thinking is applicable to today's reality. I'm currently thinking of a way to provide a secure…
4 votes, 1 answer

Is it a good idea to use two salts?

Is it a good idea to use two salts? This is implying that one would be unique to the user, and one would be unique to the server, using Bcrypt of course. So for example, if you're using Golang as your backend, would it be a good idea to generate a…
Belthian
4 votes, 1 answer

RESTful web application security and authentication scheme

I am building a web application where the front-end is a single-page-app and the back-end serves it through a RESTful API. I want to make sure I implement user authentication with the best security practices. I am planning a system that will perform…
Tom Grant
4 votes, 2 answers

Which memory-hard hashing algorithm can equalize low-computational and high-computational power devices to utilize blockchain in the IoT?

Recently IBM and Microsoft showed their interest (IBM post, Microsoft post) in utilizing bitcoin's blockchain for internet of things (IoT) development. Let's assume that in close future the blockchain technique to be implemented in smart cars…
Nur
4 votes, 3 answers

How do ASIC cryptocoin miners affect the security of scrypt?

Is the availability of these miners a reason to favor bcrypt (or something else) over scrypt? I mean, the goal of a password hash function is to maximize the work needed for an attacker to break a hash through brute force, dictionary or whatever,…
Filip Haglund
4 votes, 2 answers

BCrypt+SHA256 vs PBKDF2-SHA256

From this question, the OP posited taking a user's entered password, running it through BCrypt, then running that through SHA256 to produce a 256-bit password-derived key. (EDIT: To clarify, these two options are considered as producing a single key…
KeithS
4 votes, 3 answers

How is a pepper used with salted passwords?

How is a pepper (a large constant number) used after a password has been salted with a salt by a hashing function such as bcrypt? From Sybex CISSP Official Study Guide, 8th Edition (2018): Adding a pepper to a salted password increases the…
BJ Dela Cruz