Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [bcrypt]

bcrypt is an intentionally slow hash algorithm specially designed for passwords.

bcrypt is a hash algorithm specially designed for passwords. It is based on Blowfish

The traditional purpose of hash functions is to sign documents or certificates. Therefore performance is one of the design goals for traditional hash functions.

As far as password hashes are concerned, however, performances is a negative property. Bcrypt was designed to be slow in order to make password cracking expensive.

94 questions
54
votes
1 answer

Password hashing security of argon2 versus bcrypt/PBKDF2?

I wonder if it can be approximated how much of a security margin the new argon2 hash, winner of the password hashing competition, can give over bcrypt or PBKDF2, for an attacker using large GPU systems. Practically speaking, if I have had a…
azren
  • 751
  • 1
  • 5
  • 7
33
votes
2 answers

Why can't one implement bcrypt in Cuda?

I had heard that although it's easy to implement message digest functions like MD5, SHA-1, SHA-256 etc. in CUDA (or any other GPU platform), it is impossible to implement bcrypt there. bcrypt is different from these hash functions, in that Blowfish…
Rook
  • 1,506
  • 1
  • 13
  • 22
30
votes
3 answers

Dropbox Password security

Dropbox have recently published How Dropbox securely stores your passwords Is this really more secure than using bcrypt with a complexity of 11 or 12 ? The password "chain" is secure as its weakest part, so is there any point adding the extra 2…
exussum
  • 403
  • 4
  • 7
18
votes
2 answers

Is bcrypt better than GnuPG's iterated+salted hashing method?

GnuPG has slow hash built-in in form of iterated+salted S2K. Does it have disadvantages in comparison with bcrypt or scrypt? Is GnuPG's slow hash method easily automated in GPUs?
Andrei Botalov
  • 379
  • 5
  • 12
16
votes
4 answers

Looking at hash output – is Base64 encoding in any way better than HEX encoding?

I was wondering why most "normal/unsafe" crypto hashes like SHA-256, SHA-512, Whirlpool, RipeMD-160, MD5, etc. are HEX encoded. But most "secure" crypto hashes (KDF' ) like bcrypt and scrypt are Base64 encoded. Why? somewhere I heared that Base64…
Richard R. Matthews
  • 4,545
  • 9
  • 31
  • 49
16
votes
3 answers

Do I have to recompute all hashes if I change the work factor in bcrypt?

The well-known article about why we should use bcrypt for hashing passwords mentions the work factor - some parameter to the algorithm that determines how long one hashing should be in terms of number of computations. This as the article says allows…
sharptooth
  • 409
  • 3
  • 9
16
votes
4 answers

Is there a way to use bcrypt with passwords longer than 72 bytes securely?

From my understanding BCrypt truncates the password to 72 bytes. If a password is longer than 72 bytes, what is a way to store that password using bcrypt securely without compromising it? Or is this incorrect and we should just let bcrypt truncate…
thames
  • 263
  • 2
  • 6
13
votes
4 answers

Why bcrypt is one-way while Blowfish is reversible?

While bcrypt is often regarded as an irreversible hashing function, it's based on the reversible Blowfish cipher. I'm just curious about how does this work. Here's the pseudocode from the wiki: bcrypt(cost, salt, input) state ←…
sunquan
  • 233
  • 1
  • 2
  • 5
12
votes
1 answer

Encrypting bcrypt hashes

I've been asked by a client to give some advice on hashing and as it isn't my area I'm looking for someone who knows what they are talking about. The client is hashing 4-6 digit PINs (mostly 4 digit) with bcrypt, they have the work factor set as…
Robin
  • 123
  • 4
12
votes
1 answer

Can one efficiently iterate valid bcrypt hash output values?

bcrypt is an intentionally slow hash algorithm. In my last protocol idea, I wanted to use it to expand a password and then only transfer the bcrypt-hashed password. An efficient attack on this would be an ability to iterate all bcrypt hashes (or…
Paŭlo Ebermann
  • 22,946
  • 7
  • 82
  • 119
11
votes
1 answer

Why do I need to store the salt for generated hashes?

I am new to crypto and authentication so have been doing reading around this and thought that I had a pretty good understanding of how this works. However when implementing my hashing using bcrypt.js I am once again confused. I thought that the…
Roaders
  • 213
  • 2
  • 5
11
votes
1 answer

Does a big salt have the same memory effects as Bcrypt?

Citing Thomas Pornin on the question Why can't one implement bcrypt in Cuda?: bcrypt is a variant of the Blowfish key scheduling, which is defined over a table (a few kilobytes) which is constantly accessed and modified throughout the algorithm.…
Luc
  • 1,558
  • 3
  • 19
  • 34
11
votes
3 answers

The internals of bcrypt

I'm attempting to get a better understanding of cryptography and have run into some questions about bcrypt. Bcrypt relies on the blowfish cipher, which is a reversible method of encryption. But bcrypt is not reversible. How is that possible? Or am…
temporary_user_name
  • 247
  • 1
  • 8
10
votes
5 answers

Best cryptographic algo with asymmetric cost: expensive to sign, cheap to validate

I'm looking to prevent a DDoS attack on a web service, by making the cost of performing an attack prohibitive. Typical users will only need to call out it once a day, and can afford to spend a few CPU cycles on each call, but I want to make it so an…
scosman
  • 203
  • 1
  • 8
8
votes
2 answers

What impact could general quantum computing have on BCrypt?

While discussing the 72 character limit of BCrypt, the question of resilience to quantum cryptanalysis came up. A search online didn't give me much of a lead as to what research has been done in this area. So my question is, are there any…
J.A.K.
  • 433
  • 2
  • 11
1
2 3 4 5 6 7