BCrypt is an adaptive cryptographic hash function for passwords. It incorporates a salt to protect against rainbow table attacks, and because it is adaptive, it can be made slower over time so that it remains resistant to brute-force search attacks against the hash and the salt.
Questions tagged [bcrypt]
220 questions
132 votes, 3 answers
Recommended # of rounds for bcrypt
What is nowadays (July 2012) the recommended number of bcrypt rounds for hashing a password for an average website (storing only name, email address and home address, but no credit card or medical information)?
In other words, what is the current…
Jason Smith
- 1,601
- 2
- 12
- 12
25 votes, 3 answers
How is storing an API secret key in plaintext (in a database) secure?
The answers to this question, "Is it okay for API secret to be stored in plain text or decrypt-able?", are somewhat unsettling to me. I'm trying to wrap my mind around how storing a secret key in plaintext is in any way secure.
This is how I'm imagining…
Rob
- 383
- 1
- 4
- 8
7 votes, 1 answer
Is it possible to decrypt Bcrypt encryption?
I do have a password that has been encrypted with Bcrypt and the salt. Is it possible if I want to decrypt the password into normal text?
akiraro
- 111
- 1
- 1
- 2
6 votes, 1 answer
How to get other people's bcrypt hashes to add to htpasswd file
I need to restrict some webpages to certain users and I do this using a .htpasswd file through nginx.
The problem is I need to add other people's bcrypt password hashes to my .htpasswd file. Would it be possible for them to generate it using…
user1812844
- 355
- 1
- 3
- 6
3 votes, 3 answers
Is it safe (or a good idea) to advertise the use of bcrypt?
So, our database is using bcrypt with a high iteration/cost to store our users' passwords. We're using https like intelligent people and we continue to work on finding ways to sidestep our own security before someone else does.
With that said, we are…
Niictar
- 307
- 2
- 7
2 votes, 2 answers
HTTP Authentication with bcrypt done right
I have an Android app that connects to a server through HTTP (notice the absence of S, also Android means Java, so nothing I'll hardcode in my app will be unreachable).
I want to store the password securely on my DB, so I wanted to use bcrypt (with…
Taiko
- 143
- 6
0 votes, 3 answers
Do you need to use the same number of rounds for everyone with bcrypt?
I am going to be hashing user passwords on the client machine, and I would like the hash to be generated in 0.3 seconds.
Do I need to find the number of rounds myself and make every user use this number, or should the number of rounds depend on the…
user3100783
- 115
- 1
- 4
0 votes, 1 answer
Search by hashed value
I would like to design a REST API endpoint (POST) that takes in some sensitive identifier information in the request body:
{
"someDataToSearch": "abcdefgh"
}
I then want to hash abcdefgh and search for that hash in our DB and return the…
theartv
- 1
0 votes, 1 answer
BCrypt Tables for 6 digit numbers 000000-999999
This is an example of a bcrypt project I am working on. 2a and 04 are always used and the password is a 6 digit number from 000000 to 999999
Using 2a and 4 rounds is there a hash table or calculator out there somewhere that shows what the 6 digit…
jfrost1121
- 1
- 2
0 votes, 2 answers
How is bcrypt able to generate secure random hashes? If someone nabs the hash from my db wouldn't they just be able to run it through bcrypt?
Sorry for being such a noob, but I'm having a hard time wrapping my head around this. I am using bcrypt to encode plain text passwords into unique hashes before I store them in my database or authenticate. But the part I don't quite understand is…
secondbreakfast
- 105
- 6