Bitcoin Forum

Other => New forum software => Topic started by: nahtnam on February 24, 2015, 11:33:01 PM



Title: Why not use Bcrypt?
Post by: nahtnam on February 24, 2015, 11:33:01 PM
Looking at this: https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0/edit (https://docs.google.com/document/d/1bHlm4NQkSzaBTT5tLIqQBmV92wSsbdOX5r-dRR9Dgg0/edit)

I dont think its mentioned, but I think bcrypt should be used for passwords since its probably one of the most secure hashing algorithms.


Title: Re: Why not use Bcrypt?
Post by: Madness on February 25, 2015, 06:40:53 AM
Pretty good idea , what what's the forum is using right now? MD5 or something if yes then it would be good to use bcrypt because brute-forcing the password will be 10 times more expensive with bcrypt than with MD5.

~ Madness


Title: Re: Why not use Bcrypt?
Post by: Muhammed Zakir on February 25, 2015, 08:23:38 AM
+1 from me. I was looking for disadvantages of using Bcrypt and one disadvantage I found is that the output length is not configurable. From http://www.tarsnap.com/scrypt/scrypt.pdf:

https://farm9.staticflickr.com/8581/16642030185_f6388b86cc_b.jpg (https://flic.kr/p/rmAKLV)

   -MZ


Title: Re: Why not use Bcrypt?
Post by: Blazr on February 25, 2015, 08:43:50 AM
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.


Title: Re: Why not use Bcrypt?
Post by: Muhammed Zakir on February 25, 2015, 09:08:42 AM
The forum already uses its own hashing method, IIRC its 10,000 rounds of RIPEMD160 with a unique salt per user. This is as safe as it gets.

RIPEND160 is good and I think SHA-2 family is good too. I think bcrypt was suggested because it has a large time cost for each hash generated, which makes brute force attacks against any given password an infeasible proposition.

   -MZ


Title: Re: Why not use Bcrypt?
Post by: theymos on February 25, 2015, 03:00:35 PM
The idea that bcrypt is somehow extra strong is AFAIK entirely a myth. bcrypt is based on a fast Blowfish-based hash function comparable to SHA-256 and other cryptographically-secure hash functions. It makes the entire process slow by hashing the password many times. But this is exactly what any decent key derivation function does.

The forum uses sha256crypt (which has an extremely similar interface to bcrypt) with 7500 iterations. If SHA-256 and bcrypt's underlying hash function were exactly the same speed, this would be equivalent to a bcrypt cost of about 13. I prefer SHA-2 because Blowfish (and especially bcrypt's Blowfish-based hash function) are not as widely used or studied.


Title: Re: Why not use Bcrypt?
Post by: Muhammed Zakir on February 25, 2015, 04:44:38 PM
If forum is using SHA-256, then it is fine for me! Bcrypt is indeed very slow compared to others and is somewhat similar to Bcrypt when Inread the comparison & above PDF. Thank you, theymos, for replying!

   -MZ