For the bcrypt file encryption utility, see Blowfish (cipher).
bcrypt
General
Designers
Niels Provos, David Mazières
First published
1999
Derived from
Blowfish (cipher)
Detail
Digest sizes
184 bit
Rounds
variable via cost parameter
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999.[1] Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
The bcrypt function is the default password hash algorithm for OpenBSD,[2][non-primary source needed] and was the default for some Linux distributions such as SUSE Linux.[3][failed verification]
There are implementations of bcrypt in C, C++, C#, Embarcadero Delphi, Elixir,[4] Go,[5] Java,[6][7] JavaScript,[8] Perl, PHP, Ruby, python and other languages.
^Provos N, Maziéres D (10 June 1999). A Future-Adaptable Password Scheme(PDF). 1999 USENIX Annual Technical Conference. Vol. Proceedings of the FREENIX Track. Monterey, California: The USENIX Association.
^"CVS log for src/lib/libc/crypt/bcrypt.c". CVS Repository. OpenBSD. 23 March 2014. Revision 1.32 (first mention of bcrypt in log). Retrieved 25 May 2023. minimal change to implementation of bcrypt to not require static globals
^"SUSE Security Announcement: (SUSE-SA:2011:035)". Security Advisories. SUSE. 23 August 2011. Archived from the original on 4 March 2016. Retrieved 20 August 2015. SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.
^Whitlock, David (21 September 2021). "Bcrypt Elixir: bcrypt password hashing algorithm for Elixir". GitHub. riverrun.
^"Package bcrypt". godoc.org.
^"jBCrypt - strong password hashing for Java". www.mindrot.org. Retrieved 2017-03-11.
^"bcrypt - A Java standalone implementation of the bcrypt password hash function". github.com. Retrieved 2018-07-19.
bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher and presented at USENIX in 1999. Besides...
winner of the Password Hashing Competition in 2015 bcrypt – blowfish-based password-hashing function bcrypt – blowfish-based cross-platform file encryption...
defghijklmnopqrstuvwxyz". bcrypt hashes are designed to be used in the same way as traditional crypt(3) hashes, but bcrypt's alphabet is in a different...
algorithms have been designed specifically for this purpose, including bcrypt, scrypt and, more recently, Lyra2 and Argon2 (the latter being the winner...
generate password hashes. A suitable password hashing function, such as bcrypt, is many orders of magnitude better than a naive function like simple MD5...
attacker, but not impractical with terabyte hard drives. The SHA2-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 128 bits. These...
Provos contributed to the OpenBSD operating system, where he developed the bcrypt adaptive cryptographic hash function. He is the author of numerous software...
register). Since passwords were both hashed and salted (encrypted) using the bcrypt algorithm, the effort to decrypt all the passwords would have been very...
integrated circuits or graphics processing units relatively cheap. The bcrypt password hashing function requires a larger amount of RAM (but still not...
usernames, email and IP addresses, genders, birth dates and passwords stored as bcrypt hashes. Later that same year on July 14, researchers at Risk Based Security...
created to slow brute force searches.: 5.1.1.2 Slow hashes include pbkdf2, bcrypt, scrypt, argon2, Balloon and some recent modes of Unix crypt. For KDFs that...
access authentication prevents the use of a strong password hash (such as bcrypt) when storing passwords (since either the password, or the digested username...
released by the Impact Team. Passwords on the live site were hashed using the bcrypt algorithm. A security analyst using the Hashcat password recovery tool with...