CTO News Hubb
Advertisement
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact
No Result
View All Result
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact
No Result
View All Result
CTO News Hubb
No Result
View All Result
Home Technology

Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye

May 26, 2023
in Technology


When data breaches went from being an occasional threat to a persistent fact of life during the early 2010s, one question would come up again and again as victim organizations, cybersecurity researchers, law enforcement, and regular people assessed the fallout from each incident: Which password hashing algorithm had the target used to protect its users’ passwords? 

If the answer was a faulty cryptographic function like SHA-1—not to mention the nightmare of passwords stored in plaintext with no encryption scrambling at all—the victim had more to worry about because it meant that it would be easier for whoever stole the data to crack the passwords, directly access users’ accounts, and try those passwords elsewhere to see if people had reused them. If the answer was the algorithm known as bcrypt, though, there was at least one less thing to panic about.

Bcrypt turns 25 this year, and Niels Provos, one of its coinventors, says that looking back, the algorithm has always had good energy, thanks to its open source availability and the technical characteristics that have fueled its longevity. Provos spoke to WIRED about a retrospective on the algorithm that he published this week in Usenix ;login:. Like so many digital workhorses, though, there are now more robust and secure alternatives to bcrypt, including the hashing algorithms known as scrypt and Argon2. Provos himself says that the quarter-century milestone is plenty for bcrypt and that he hopes it will lose popularity before celebrating another major birthday.

A version of bcrypt first shipped with the open source operating system OpenBSD 2.1 in June 1997. At the time, the United States still imposed stringent export limits on cryptography. But Provos, who grew up in Germany, worked on its development while he was still living and studying there.  

“One thing I found so surprising was how popular it became,” he says. “I think in part it’s probably because it was actually solving a problem that was real, but also because it was open source and not encumbered by any export restrictions. And then everybody ended up doing their own implementations in all these other languages. So these days, if you are faced with wanting to do password hashing, bcrypt is going to be available in every language that you could possibly operate in. But the other thing that I find interesting is that it’s even still relevant 25 years later. That is just crazy.”

Provos developed bcrypt with David Mazieres, a systems security professor at Stanford University who was studying at the Massachusetts Institute of Technology when he and Provos collaborated on bcrypt. The two met through the open source community and were working on OpenBSD.

Hashed passwords are put through an algorithm to be cryptographically transformed from something that’s readable into an unintelligible scramble. These algorithms are “one-way functions” that are easy to run but very difficult to decode or “crack,” even by the person who created the hash. In the case of login security, the idea is that you choose a password, the platform you’re using makes a hash of it, and then when you sign in to your account in the future, the system takes the password you input, hashes it, and then compares the result to the password hash on file for your account. If the hashes match, the login will be successful. This way, the service is only collecting hashes for comparison, not passwords themselves.   



Source link

Tags: encryptionhackingpasswordssecurity
Previous Post

Plex’s Lifetime Pass is Cheaper Than Ever Today

Next Post

A brain implant changed her life. Then it was removed against her will.

Next Post

A brain implant changed her life. Then it was removed against her will.

AI Robots Are Here. Are We Ready?

Trending News

A list of resources, articles, and opinion pieces relating to large language models & robotics

April 19, 2023

Are your hiring practices restricting the attraction of female tech talent?

March 8, 2023

Branch prediction

December 31, 2022

© CTO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • CTO News
  • IT
  • Technology
  • AI
  • QC
  • Robotics
  • Blockchain
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • CTO News
  • IT
  • Technology
  • Tech Topics
    • AI
    • QC
    • Robotics
    • Blockchain
  • Contact

© 2021 JNews – Premium WordPress news & magazine theme by Jegtheme.

SUBSCRIBE TO OUR WEEKLY NEWSLETTERS