
Why Bcrypt Can Be Unsafe for Password Hashing?


TL;DR: bcrypt ignores any bytes after the first 72 bytes; this is because bcrypt is based on the Blowfish cipher, which has this limitation. bcrypt has been a commonly used password hashing algorithm for decades: it's slow by design, includes built-in salting, and has protected countless systems from brute-force attacks. But despite its solid reputation, it also has a few hidden limitations worth knowing about. Let's take a look at this code:

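The 72-byte truncation described in the TL;DR, as an added example (this is not the article's own code). The stdlib part models exactly what bcrypt sees (UTF-8 bytes cut at 72) so that two passwords which differ only after that point are shown to be indistinguishable, and it adds one common mitigation that the article does not spell out: pre-hashing the password with HMAC-SHA256 and base64-encoding the digest so the input is always 44 NUL-free bytes. The pepper parameter, the helper names and the live check against the pyca `bcrypt` package (which runs only if that package is installed) are this example's assumptions.

```python
"""bcrypt's 72-byte input limit, modelled in the stdlib, plus a pre-hashing mitigation."""
import base64
import hashlib
import hmac

# bcrypt, through Blowfish's key schedule, only consumes the first 72 bytes of input.
BCRYPT_MAX_BYTES = 72


def bcrypt_effective_input(password: str) -> bytes:
    """Return the bytes bcrypt actually hashes: the UTF-8 encoding cut at 72 bytes."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def is_truncated(password: str) -> bool:
    """True when part of the password would be silently ignored by bcrypt."""
    return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES


def collide_under_bcrypt(a: str, b: str) -> bool:
    """True when two distinct passwords are indistinguishable to bcrypt.

    Such pairs exist whenever both exceed 72 bytes and share their first 72.
    """
    return a != b and bcrypt_effective_input(a) == bcrypt_effective_input(b)


def prehash_for_bcrypt(password: str, pepper: bytes = b"") -> bytes:
    """Mitigation (assumed design, not from the article): HMAC-SHA256, then base64.

    The result is always 44 ASCII bytes, so nothing is truncated, and base64
    output never contains 0x00, which matters because some bcrypt
    implementations treat the input as a C string and stop at the first NUL.
    """
    digest = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest)


def main() -> None:
    # Constructed sample passwords: identical for the first 87 bytes, different after.
    long_a = "correct horse battery staple " * 3 + "tail-A"
    long_b = "correct horse battery staple " * 3 + "tail-B"

    print("long_a truncated by bcrypt:", is_truncated(long_a))
    print("indistinguishable to bcrypt:", collide_under_bcrypt(long_a, long_b))
    print("distinct after pre-hash:",
          prehash_for_bcrypt(long_a) != prehash_for_bcrypt(long_b))

    try:
        import bcrypt  # pyca/bcrypt; optional, only used for this live check
    except ImportError:
        print("pyca bcrypt not installed; skipping live check")
        return

    salt = bcrypt.gensalt(rounds=4)  # low cost factor for the demo only
    try:
        hashed = bcrypt.hashpw(long_a.encode("utf-8"), salt)
    except ValueError as exc:
        # Newer releases refuse over-long input instead of truncating it.
        print("this bcrypt release rejects >72-byte input:", exc)
        return
    # If the library truncates, long_b verifies against long_a's hash.
    print("checkpw(long_b, hash_of_long_a) ->",
          bcrypt.checkpw(long_b.encode("utf-8"), hashed))
    # The pre-hashed form keeps the two passwords apart.
    hashed_pre = bcrypt.hashpw(prehash_for_bcrypt(long_a), salt)
    print("checkpw(prehash(long_b), hash_of_prehash(long_a)) ->",
          bcrypt.checkpw(prehash_for_bcrypt(long_b), hashed_pre))


if __name__ == "__main__":
    main()
```

Run it as a script; the multi-byte case matters in practice, since 36 two-byte characters such as "é" already fill the 72-byte window, so a user's password can be truncated well before 72 characters. Whatever you store, enforce the same pre-hash (and the same pepper) on both registration and login, or every existing hash stops verifying.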
