A popular password hashing algorithm begins its long goodbye

When data breaches went from being an occasional threat to a persistent fact of life in the early 2010s, one question would come up again and again as victim organizations, cybersecurity researchers, law enforcement, and the public assessed the consequences of each incident: What password hashing algorithm had the target used to protect its users’ passwords?

If the answer was a faulty cryptographic function like SHA-1, not to mention the nightmare of passwords stored in plain text without any kind of encryption, the victim had more to worry about, because it would be easier for whoever stole the data to crack passwords, access user accounts directly, and try those passwords elsewhere to see if people had reused them. However, if the answer was the algorithm known as bcrypt, there was at least one less thing to panic about.

Bcrypt turns 25 this year, and Niels Provos, one of its co-inventors, says that looking back, the algorithm has always had good energy, thanks to its open source availability and the technical features that have fueled its longevity. Provos spoke to WIRED about a retrospective on the algorithm that he published this week in Usenix ;login:. However, as with so many digital workhorses, there are now stronger and more secure alternatives to bcrypt, including the hash algorithms known as scrypt and Argon2. Provos himself says that the quarter-century milestone is enough for bcrypt and that he hopes it loses popularity before celebrating another major birthday.

A version of bcrypt first shipped with the open source OpenBSD 2.1 operating system in June 1997. At the time, the United States still imposed strict export limits on cryptography. But Provos, who grew up in Germany, worked on its development while he was still living and studying there.

“One thing that I found so surprising was how popular it became,” he says. “I think in part it’s probably because I was actually solving a real problem, but also because it was open source and not subject to any export restrictions. And then they all ended up doing their own implementations in all these other languages. So these days, if you’re faced with the desire to hash passwords, bcrypt will be available in every language it can possibly operate in. But the other thing I find interesting is that it’s still relevant 25 years later. That’s crazy.”

Provos developed bcrypt with David Mazieres, a professor of systems security at Stanford University who was studying at the Massachusetts Institute of Technology when he and Provos collaborated on bcrypt. The two met through the open source community and were working on OpenBSD.

Hashed passwords are put through an algorithm that cryptographically transforms them from something readable into an unintelligible encoding. These algorithms are “one-way functions” that are easy to execute but very difficult to reverse or “crack”, even for the person who created the hash. In the case of login security, the idea is that you choose a password, the platform you’re using hashes it, and then when you log into your account in the future, the system takes the password you entered, hashes it, and then compares the result with the password hash registered for your account. If the hashes match, the login will be successful. This way, the service only stores hashes for comparison, not the passwords themselves.
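
The login flow described above, as an added example that is not from the article or from bcrypt's authors. It uses scrypt from Python's standard library (one of the alternatives the article names) in place of bcrypt, and contrasts it with unsalted SHA-1; the function names, cost parameters, storage format and sample accounts are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this sketch (about 16 MiB of memory per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

def _scrypt(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'. Only this record is stored, never the password."""
    salt = os.urandom(16)  # fresh random salt per account
    return f"{salt.hex()}${_scrypt(password, salt).hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare."""
    try:
        salt_hex, digest_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_scrypt(password, salt), stored)

def weak_sha1(password: str) -> str:
    """The weak pattern: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def register(db: dict, user: str, password: str) -> None:
    db[user] = hash_password(password)

def login(db: dict, user: str, password: str) -> bool:
    record = db.get(user)
    return record is not None and verify_password(password, record)

if __name__ == "__main__":
    db = {}  # constructed sample accounts
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "correct horse battery staple")
    print("alice, right password:", login(db, "alice", "correct horse battery staple"))
    print("alice, wrong password:", login(db, "alice", "hunter2"))
    # Same password, different salts: the stored records differ.
    print("scrypt records equal:", db["alice"] == db["bob"])
    # Unsalted SHA-1 reveals that both accounts share a password.
    print("sha1 hashes equal:", weak_sha1("hunter2") == weak_sha1("hunter2"))
```

The per-account salt and the deliberately expensive hash are what separate this from the SHA-1 case: a stolen table cannot be matched against one precomputed list, and each guess costs the attacker real time and memory.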

