Reputation: 492
Given this example taken from http://php.net/manual/en/function.crypt.php
crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$')
Firstly: What is the length that the salt has to be if the hashing method is BLOWFISH?
This is the output I get for the above example:
$2a$07$usesomesillystringsaled/4C6/vYhuH1f.Z/Kwf8X.c.e0jjHay
Is it intentional that the salt, rounds, and what method of hashing I'm using are stored in the returned string? When I store passwords hashed in this behavior, do I store the entirety of the string starting with $2a?
When checking the entered password against the one in the DB, how can I retrieve the salt from the string if there isn't anything separating it from the rest of the hash?
EDIT: Why is this method any more secure than using, say, SHA512/256? If someone were to use a dictionary attack/brute force method on a bunch of hashes with the salts, would they be able to crack the passwords any quicker?
Upvotes: 1
Views: 456
Yes, the storing of the salt and other encryption parameters in the string is intentional; it saves you having to do it manually and maintains backward-compatibility when the number of rounds must be updated.
As for the number of effective characters in the salt, it is 22. Therefore, these two lines will result in the same hash:
crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$')
crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalp$')
As for checking the result from the database, simply use the string from the database itself as the parameters for crypt.
Upvotes: 1
Reputation: 24081
1) You need a 22 character salt, though not all bits of character 22 are used. This means that you can get the same hash with any of a group of different characters at position 22.
2) Storing the salt and the rounds in the resulting hash is indeed intentional. This way you can extract this information from the existing hash, and use it to check the user input. You should store the whole hash, which is 60 characters in length.
3) You don't need to extract the parameters from the hash to test against it; the PHP function crypt() does that for you. Just pass the existing hash as the new crypt parameter. I tried to explain how it could be done in the article password hashes with bcrypt. If you are looking for a well-known library you can look at phpass.
4) It is more secure, because it needs a certain amount of CPU time. Other hashes are designed to be fast, but that makes it possible to do a brute force attack with billions of passwords per second. The needed time can be adapted later with the cost factor, for new generations of computers.
Upvotes: 1
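The verification flow both answers describe, as an added example that is not part of the original posts: the stored string is split by fixed field widths (which is why no separator is needed) and then handed back to crypt() as its second argument. The helper names split_bcrypt and verify_password are hypothetical, and the 31-character digest width is derived from the 60-character total mentioned above.

```php
<?php
// Added example; split_bcrypt() and verify_password() are hypothetical helpers.

// A bcrypt string has constant field widths: "$2a$" + 2-digit cost + "$"
// + 22 salt characters + 31 digest characters = 60 characters in total.
function split_bcrypt(string $stored): ?array
{
    $re = '#^\$(2[axy])\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $stored, $m)) {
        return null; // not a well-formed bcrypt string
    }
    return [
        'id'     => $m[1],
        'cost'   => (int) $m[2],
        'salt'   => $m[3],
        'digest' => $m[4],
    ];
}

// Verify by passing the stored string back to crypt(): it reads the
// algorithm, cost and salt from the front and ignores the digest part.
function verify_password(string $input, string $stored): bool
{
    if (split_bcrypt($stored) === null) {
        return false; // never compare against malformed or failure strings
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($stored, crypt($input, $stored));
}

// Sample input taken from the question on this page.
$stored = crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalt$');

var_dump(strlen($stored));          // total length of the stored string
print_r(split_bcrypt($stored));     // id, cost, salt, digest
var_dump(verify_password('rasmuslerdorf', $stored));
var_dump(verify_password('wrong guess', $stored));

// Only the first 22 salt characters are read, so the two salts from the
// first answer (differing in a later character) give the same result.
var_dump($stored === crypt('rasmuslerdorf', '$2a$07$usesomesillystringforsalp$'));
```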