Questions tagged [bcrypt]

bcrypt is an intentionally slow hash algorithm specially designed for passwords.

bcrypt is a hash algorithm specially designed for passwords. It is based on Blowfish.

The traditional purpose of hash functions is to sign documents or certificates. Therefore performance is one of the design goals for traditional hash functions.

As far as password hashes are concerned, however, performance is a negative property. Bcrypt was designed to be slow in order to make password cracking expensive.

93 questions
32 votes, 2 answers

Why can't one implement bcrypt in CUDA?

I had heard that although it's easy to implement message digest functions like MD5, SHA-1, SHA-256 etc. in CUDA (or any other GPU platform), it is impossible to implement bcrypt there. bcrypt is different from these hash functions, in that Blowfish…
Rook

12 votes, 1 answer

Encrypting bcrypt hashes

I've been asked by a client to give some advice on hashing and as it isn't my area I'm looking for someone who knows what they are talking about. The client is hashing 4-6 digit PINs (mostly 4 digit) with bcrypt, they have the work factor set as…
Robin

4 votes, 1 answer

Why does 0x00 make bcrypt weaker?

On the following site: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence when talking about the dangers of using bcrypt it states: There is a nontrivial chance that one of the raw bytes in the hash will be…
kojow7

3 votes, 1 answer

Does ShaCrypt have the properties which make BCrypt slow on GPUs?

Sha256Crypt / Sha512Crypt are designed based on ideas of BCrypt but use SHA instead of Blowfish because of political requirements. The Sha*Crypt algorithms have the advantage that they are used in /etc/shadow on all common Linux distribution. Do the…
Hendrik Brummermann

2 votes, 0 answers

Some questions about the internals of bcrypt

I'm attempting to get a better understanding of cryptography and have run into some questions about bcrypt. Bcrypt relies on the blowfish cipher, which is a reversible method of encryption. But bcrypt is not reversible. How is that possible? Or am I…
2 votes, 1 answer

Bcrypt input length vs collisions

I am currently implementing oauth2 bearer token authentication and am storing the tokens bcrypt encrypted. My question is how long should the tokens be to achieve maximum security. E.g. at what length would longer tokens be useless since a bcrypt…
Kaworu

0 votes, 1 answer

Set/change password functionality on password: should I apply bcrypt server- or client-side?

I am writing a webpage on which a user can set (when registering) and change his/her password. This page is only served over HTTPS. When the user is altering his/her password, he/she is already authenticated with his/her current password. I am…
Jessica