[Owasp-leaders] Stepping through password hashing options

Jim Manico jim.manico at owasp.org
Mon Jun 25 06:57:45 UTC 2012


I am at the point where I feel there is absolutely no reason to use bcrypt
due to the small memory footprint used for computation. This is why scrypt
was created...

I need to read John's threat model a few more times - and I encourage all
of you to do the same. We plan to update the password cheat sheet soon with
this info.

More from us very soon...

--
Jim Manico
VP, Security Architecture
WhiteHat Security
(808) 652-3805

On Jun 25, 2012, at 12:05 AM, Adrian Hayes <adrian.hayes at owasp.org> wrote:

Hi Jim,

Thought I'd chime in with a small suggestion here. Bcrypt has an input limit
of 55 bytes (according to the whitepaper), which is fine until someone
decides to have a really long config salt which essentially pushes the
user's password off the end. This would be bad, so I generally recommend
people append any app specific salt to the end of the user's password
(password + salt), and warn them against doing the opposite (salt +
password).

bcrypt(password + config_salt, gensalt(workfactor))

I guess you could add that to your list of bcrypt caveats!

-- 
Adrian Hayes
OWASP New Zealand Chapter Leader (Wellington)



On 25/06/12 02:11, Jim Manico wrote:

bcrypt(user salt + config salt + password, work-factor)
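The truncation Adrian describes, as an added example (not code from the thread or from any bcrypt library): a small Python model of bcrypt's fixed-size input window that compares the salt-first layout quoted above with the password-first layout he recommends. The window size is a parameter; the 55-character figure is the one the thread cites from the paper, and the 72-byte figure is the limit common bcrypt implementations apply (assumed here).

```python
# Added example, not code from the thread. It models the fixed-size input
# window that bcrypt keys on, to show why a long config salt placed in
# front of the password can push the password off the end, while a
# password-first layout keeps it inside the window.
# Assumptions: the limit is a parameter; the thread cites 55 characters
# from the bcrypt paper, and common implementations stop at 72 bytes.

PAPER_LIMIT = 55   # characters, figure quoted in the thread
IMPL_LIMIT = 72    # bytes, limit of common bcrypt implementations (assumption)


def bcrypt_input(password: bytes, config_salt: bytes, salt_first: bool,
                 limit: int = IMPL_LIMIT) -> bytes:
    """Bytes bcrypt would actually key on for the given concatenation
    order: everything past `limit` is silently ignored."""
    joined = config_salt + password if salt_first else password + config_salt
    return joined[:limit]


def password_bytes_kept(password: bytes, config_salt: bytes, salt_first: bool,
                        limit: int = IMPL_LIMIT) -> int:
    """How many bytes of the user's password survive truncation."""
    room = limit - len(config_salt) if salt_first else limit
    return max(0, min(len(password), room))


def collides(pw_a: bytes, pw_b: bytes, config_salt: bytes, salt_first: bool,
             limit: int = IMPL_LIMIT) -> bool:
    """True when two different passwords feed bcrypt identical input, so
    one stored hash verifies both of them."""
    return (bcrypt_input(pw_a, config_salt, salt_first, limit)
            == bcrypt_input(pw_b, config_salt, salt_first, limit))


def check_layout(config_salt: bytes, salt_first: bool,
                 min_password_bytes: int = 8, limit: int = IMPL_LIMIT) -> None:
    """Deployment check: refuse a layout that cannot keep at least
    `min_password_bytes` of any password inside bcrypt's window."""
    room = limit - len(config_salt) if salt_first else limit
    if room < min_password_bytes:
        raise ValueError(f"config salt of {len(config_salt)} bytes leaves only "
                         f"{room} byte(s) for the password; put the salt after it")


if __name__ == "__main__":
    # Constructed sample values: a 70-byte config salt and two passwords
    # that differ only in their last character.
    salt = b"S" * 70
    for salt_first in (True, False):
        print("salt first" if salt_first else "password first",
              "-> kept:", password_bytes_kept(b"hunter2", salt, salt_first),
              "collides:", collides(b"hunter2", b"hunter3", salt, salt_first))
```

Note that password-first only moves the problem to very long passwords: anything beyond the window is still ignored, so the check above is worth running against the longest password the application accepts.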