[Owasp-leaders] Stepping through password hashing options

Jim Manico jim.manico at owasp.org
Mon Jun 25 06:57:45 UTC 2012

I am at the point where I feel there is absolutely no reason to use bcrypt
due to the small memory footprint used for computation. This is why scrypt
was created...

I need to read John's threat model a few more times - and I encourage all
of you to do the same. We plan to update the password cheat sheet soon with
this info.

More from us very soon...

Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Jun 25, 2012, at 12:05 AM, Adrian Hayes <adrian.hayes at owasp.org> wrote:

Hi Jim,

Thought I'd chime in with a small suggestion here. Bcrypt has an input limit
of 55 bytes (according to the whitepaper), which is fine until someone
decides to have a really long config salt which essentially pushes the
user's password off the end. This would be bad, so I generally recommend
people append any app specific salt to the end of the user's password
(password + salt), and warn them against doing the opposite (salt +

bcrypt(password + config_salt, gensalt(workfactor))

I guess you could add that to your list of bcrypt caveats!

Adrian Hayes
OWASP New Zealand Chapter Leader (Wellington)

On 25/06/12 02:11, Jim Manico wrote:

bcrypt(user salt + config salt + password, work-factor)
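A worked check of the truncation concern Adrian raises, added here as an example; it is not code from the thread or from any bcrypt library. It models bcrypt's fixed input window and shows that with a long config salt the salt + password ordering discards password bytes (two different passwords feed bcrypt identical input), while the password + salt ordering keeps them. The 55-byte window is an assumption taken from Adrian's post (citing the bcrypt paper); widely used implementations process 72 bytes, so pass the limit your library actually enforces. All salts and passwords are constructed sample values.

```python
# Added example, not code from the OWASP thread. It models bcrypt's fixed input
# window to show why the salt/password ordering matters. The window size is an
# assumption taken from the post (55 bytes, citing the bcrypt paper); widely
# used implementations process 72 bytes. Pass the limit your library enforces.

BCRYPT_INPUT_LIMIT = 55


def hashed_material(password: bytes, config_salt: bytes, salt_first: bool) -> bytes:
    """Concatenate the app-wide config salt and the password in the chosen order.
    (No per-user salt here; bcrypt's gensalt() supplies that separately.)"""
    return config_salt + password if salt_first else password + config_salt


def processed_window(material: bytes, limit: int = BCRYPT_INPUT_LIMIT) -> bytes:
    """Bytes bcrypt actually consumes: everything past the limit is silently ignored."""
    return material[:limit]


def password_bytes_used(password: bytes, config_salt: bytes, salt_first: bool,
                        limit: int = BCRYPT_INPUT_LIMIT) -> int:
    """How many bytes of the password land inside the processed window."""
    if salt_first:
        return max(0, min(len(password), limit - len(config_salt)))
    return min(len(password), limit)


def passwords_collide(p1: bytes, p2: bytes, config_salt: bytes, salt_first: bool,
                      limit: int = BCRYPT_INPUT_LIMIT) -> bool:
    """True when two *different* passwords feed bcrypt identical bytes, i.e. the
    stored hash can no longer tell them apart."""
    w1 = processed_window(hashed_material(p1, config_salt, salt_first), limit)
    w2 = processed_window(hashed_material(p2, config_salt, salt_first), limit)
    return p1 != p2 and w1 == w2


# Constructed sample values.
LONG_SALT = b"S" * 60      # longer than the whole window
MEDIUM_SALT = b"S" * 50    # leaves only 5 bytes of the window for the password
PW_A = b"correct horse"
PW_B = b"wrong horse"
PW_C = b"correct mouse"    # shares its first 5 bytes with PW_A


def main() -> None:
    for label, salt in (("60-byte salt", LONG_SALT), ("50-byte salt", MEDIUM_SALT)):
        for salt_first in (True, False):
            order = "salt + password" if salt_first else "password + salt"
            used = password_bytes_used(PW_A, salt, salt_first)
            clash = passwords_collide(PW_A, PW_C, salt, salt_first)
            print(f"{label:13} {order:16} password bytes hashed={used:2}  "
                  f"'correct horse' indistinguishable from 'correct mouse'? {clash}")


if __name__ == "__main__":
    main()
```

With the 60-byte salt placed first, zero password bytes reach bcrypt and every password verifies against every other; with a 50-byte salt first, only the first five password characters matter, so "correct horse" and "correct mouse" collide. Password-first ordering keeps the full password inside the window. The remaining caveat with password-first ordering is the mirror image: a password longer than the window pushes the config salt off the end, which only costs the salt's contribution, not the password's.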