mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!

#bcrypt

Felix Palmen :freebsd: :c64:<p><span class="h-card" translate="no"><a href="https://mastodon.bsd.cafe/@jadi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jadi</span></a></span> This "<a href="https://mastodon.bsd.cafe/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a> is secure!" claim always annoyed me a lot, mainly because it doesn't tell you anything: <a href="https://mastodon.bsd.cafe/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> in IT can only ever be defined in a context of <a href="https://mastodon.bsd.cafe/tags/threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threat</span></a> models. Without that, it's meaningless. Somewhat recently, I discovered this:</p><p><a href="https://isopenbsdsecu.re/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">isopenbsdsecu.re/</span><span class="invisible"></span></a></p><p>I should warn it uses some sarcasm and other confrontational language in some parts, unfortunately. But it seems to be a pretty professional analysis and assessment of (mostly) the "mitigations" OpenBSD provides in an attempt to counter "typical" attacks by at least making them harder.</p><p>I should also add that I consider this a very interesting and helpful read, and still consider OpenBSD a great project that came up with lots of great stuff (I recently used their <a href="https://mastodon.bsd.cafe/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> code after doing some research on password hashing, for example). And I don't agree with every single criticism on that page either. I just think it's important to build assessments of whether something "is secure" on a serious analytical foundation.</p>
Artemis<p>That feeling when you forgot your password but it's been a local install anyway so you just sqlite3 into the database and generate a new bcrypt with Ruby.</p><p><a href="https://toot.cafe/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://toot.cafe/tags/Ruby" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ruby</span></a> <a href="https://toot.cafe/tags/Sqlite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sqlite</span></a></p>
Felix Palmen :freebsd: :c64:<p>So, there we are: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> has its second credentials checker module, using <a href="https://mastodon.bsd.cafe/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.bsd.cafe/tags/files" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>files</span></a>, partially <a href="https://mastodon.bsd.cafe/tags/apache" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apache</span></a> <a href="https://mastodon.bsd.cafe/tags/htpasswd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>htpasswd</span></a> compatible (only <a href="https://mastodon.bsd.cafe/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a>, using <a href="https://mastodon.bsd.cafe/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a>'s code). 🥳 </p><p><a href="https://github.com/Zirias/swad/commit/385bc5286c607c7220067844c37bc5eb6cb6c18c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Zirias/swad/commit/</span><span class="invisible">385bc5286c607c7220067844c37bc5eb6cb6c18c</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a></p>
Felix Palmen :freebsd: :c64:<p><span class="h-card" translate="no"><a href="https://bsd.network/@lcheylus" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lcheylus</span></a></span> That's where I pulled from. Still took quite a while.</p><p>So, now, this looks kind of messy, but I *think* I can build <a href="https://mastodon.bsd.cafe/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a>'s unmodified <a href="https://mastodon.bsd.cafe/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> code on several (many?) systems wrapping it like this 🙈 </p><p><a href="https://github.com/Zirias/swad/blob/master/src/lib/swadbcrypt/bcrypt.c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Zirias/swad/blob/ma</span><span class="invisible">ster/src/lib/swadbcrypt/bcrypt.c</span></a></p>
Felix Palmen :freebsd: :c64:<p>I need some advice: Is there a good portable and free (really free, not GPL!) <a href="https://mastodon.bsd.cafe/tags/implementation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>implementation</span></a> of <a href="https://mastodon.bsd.cafe/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> in <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> around?</p><p>There's <a href="https://mastodon.bsd.cafe/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a> source I could use, but integrating that would probably be quite a hassle...</p><p>Background: I want to start creating a second credential checker for <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> using files. And it probably makes sense to support a sane subset of <a href="https://mastodon.bsd.cafe/tags/Apache" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apache</span></a>'s <a href="https://mastodon.bsd.cafe/tags/htpasswd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>htpasswd</span></a> format here. Looking at the docs:<br><a href="https://httpd.apache.org/docs/current/misc/password_encryptions.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">httpd.apache.org/docs/current/</span><span class="invisible">misc/password_encryptions.html</span></a><br>... the "sane subset" seems to be just bcrypt. *MAYBE* also this apache-specific flavor of "iterated" MD5, although that sounds a bit fishy ...</p>
Cyclone<p>New version of <a href="https://infosec.exchange/tags/hashgen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashgen</span></a> published.</p><p>Changelog:<br>v1.1.0; 2025-03-19<br>added modes: <a href="https://infosec.exchange/tags/base58" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>base58</span></a>, <a href="https://infosec.exchange/tags/argon2id" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>argon2id</span></a>, <a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> w/custom cost factor</p><p><a href="https://forum.hashpwn.net/post/89" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">forum.hashpwn.net/post/89</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/hashgenerator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashgenerator</span></a> <a href="https://infosec.exchange/tags/hashcracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashcracking</span></a> <a href="https://infosec.exchange/tags/hashcat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashcat</span></a> <a href="https://infosec.exchange/tags/hashpwn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashpwn</span></a> <a href="https://infosec.exchange/tags/cyclone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyclone</span></a> <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>golang</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@sophieschmieg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sophieschmieg</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@neilmadden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>neilmadden</span></a></span> </p><p>IMO we need to stop coming up with algorithms to securely store "derivatives" of typically weak passwords, as</p><p> IT WILL FAIL.</p><p>From <a href="https://www.akkadia.org/drepper/SHA-crypt.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">akkadia.org/drepper/SHA-crypt.</span><span class="invisible">txt</span></a>:<br>❝<br>In addition, the produced output for [...] MD5 has a short length which makes it possible to construct rainbow tables.<br>❞</p><p>Please correct me if I'm wrong, but even in 2025 suggesting that a rainbow table is feasible for (let's cut a few bits for MD5 weaknesses) random numbers of 120 bits in length is BS (in order to create FUD).</p><p>If I'm right about that, the least bad thing to do is:</p><p>1) Everyone should use a password manager (pwmgr) because people simply do not have the ability to come up with a sufficiently strong password that is *unique for each account*, let alone for multiple accounts (sometimes hundreds), to remember them absolutely error-free, and to recall which password was chosen for which account.</p><p>Note: IMO password *reuse* currently is the biggest threat. Entering a reused password on a fake (phishing) website may have devastating consequences, because (when a password is reused for multiple accounts) chances are that ALL those accounts are compromised. Note that the complexity and uniqueness of the password are IRRELEVANT. And what KDF is used on the server is IRRELEVANT as well.</p><p>2) Let the pwmgr generate a (cryptographically) random password, as long and with as much entropy as allowed by the server.</p><p>3) Use a strong master password and NEVER forget it (typical beginner failure).</p><p>4) Make sure the database is backed up in more than one place, and make a backup after each modification.</p><p>5) Make sure that the device the password manager is used on *never* gets compromised.</p><p>6) Double-check that https:// is used. Better, make sure to use a browser that blocks http:// connections and warns you (Safari on iOS/iPadOS now supports "Not Secure Connection Warning"). In all browsers such a setting is OFF by default: ENABLE IT!</p><p>7) On a mobile device: use "Autofill". The OS then transfers the domain name (shown in the browser's address bar) to the pwmgr. If a matching domain name is *not found* in the pw database, assume that you're on a (fake) phishing website! In that case: DO NOT ATTEMPT TO LOG IN by looking up credentials yourself. Reasons for 7, two examples:<br>----<br> fake: circle-ci·com<br> real: circleci.com<br>----<br> fake: lîdl.be<br> real: lidl.be<br>----</p><p>If people followed this advice (which is not just mine), even MD5 for storing a one-way derivative of the password on the server would be fine.</p><p>HOWEVER: don't use MD5 - because "never use MD5 for whatever" is easier to remember than "don't use MD5 if preimage attacks are possible".</p><p>P.S. I'm not a cryptographer (although I'm quite interested in the matter).</p><p><a href="https://infosec.exchange/tags/MD5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MD5</span></a> <a href="https://infosec.exchange/tags/PasskeysStillSuck" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasskeysStillSuck</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/Autofill" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autofill</span></a> <a href="https://infosec.exchange/tags/DomainName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainName</span></a> <a href="https://infosec.exchange/tags/httpVShttps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpVShttps</span></a> <a href="https://infosec.exchange/tags/httpsVShttp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>httpsVShttp</span></a> <a href="https://infosec.exchange/tags/KDF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDF</span></a> <a href="https://infosec.exchange/tags/Argon2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Argon2</span></a> <a href="https://infosec.exchange/tags/scrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scrypt</span></a> <a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://infosec.exchange/tags/KeyDerivationFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyDerivationFunction</span></a> <a href="https://infosec.exchange/tags/OneWayDerivative" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OneWayDerivative</span></a> <a href="https://infosec.exchange/tags/HashFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HashFunction</span></a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> <a href="https://infosec.exchange/tags/CryptographicHashFunction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptographicHashFunction</span></a></p>
manitu GmbH<p><a href="https://manitu.social/tags/TalesFromSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TalesFromSupport</span></a></p><p>"Hello, I forgot my password. Could you send me my old one?"</p><p>No. And that's a good thing. 😅</p><p><a href="https://manitu.social/tags/Passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwort</span></a> <a href="https://manitu.social/tags/Hash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hash</span></a> <a href="https://manitu.social/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a></p>
Luboš Račanský<p>„The <a href="https://witter.cz/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> password hashing function should only be used for password storage in legacy systems where <a href="https://witter.cz/tags/Argon2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Argon2</span></a> and scrypt are not available.“ <br><a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#bcrypt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cheatsheetseries.owasp.org/che</span><span class="invisible">atsheets/Password_Storage_Cheat_Sheet.html#bcrypt</span></a> <a href="https://witter.cz/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://witter.cz/tags/owasp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>owasp</span></a></p>
LavX News<p>When Postgres Index Meets Bcrypt: Unraveling Performance Mysteries</p><p>A deep dive into the performance pitfalls of using Bcrypt with Postgres, revealing how improper hashing can lead to significant delays in data retrieval. This article explores the intricate relationsh...</p><p><a href="https://news.lavx.hu/article/when-postgres-index-meets-bcrypt-unraveling-performance-mysteries" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.lavx.hu/article/when-post</span><span class="invisible">gres-index-meets-bcrypt-unraveling-performance-mysteries</span></a></p><p><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://mastodon.cloud/tags/DatabaseOptimization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DatabaseOptimization</span></a> <a href="https://mastodon.cloud/tags/Postgres" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Postgres</span></a> <a href="https://mastodon.cloud/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a></p>
Erik C. Thauvin<p>Hashing Passwords: Why MD5 and SHA Are Outdated, and Why You Should Use Scrypt or Bcrypt</p><p><a href="https://mastodon.social/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://mastodon.social/tags/md5" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>md5</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/scrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scrypt</span></a> <a href="https://mastodon.social/tags/sha" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sha</span></a></p><p><a href="https://dev.to/lovestaco/hashing-passwords-why-md5-and-sha-are-outdated-and-why-you-should-use-scrypt-or-bcrypt-48p2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.to/lovestaco/hashing-passw</span><span class="invisible">ords-why-md5-and-sha-are-outdated-and-why-you-should-use-scrypt-or-bcrypt-48p2</span></a></p>
Gonçalo Valério<p>"What Okta Bcrypt incident can teach us about designing better APIs"</p><p><a href="https://n0rdy.foo/posts/20250121/okta-bcrypt-lessons-for-better-apis/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">n0rdy.foo/posts/20250121/okta-</span><span class="invisible">bcrypt-lessons-for-better-apis/</span></a></p><p><a href="https://s.ovalerio.net/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://s.ovalerio.net/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://s.ovalerio.net/tags/apis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apis</span></a> <a href="https://s.ovalerio.net/tags/okta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>okta</span></a> <a href="https://s.ovalerio.net/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Nicolas Fränkel 🇺🇦🇬🇪<p>What <a href="https://mastodon.top/tags/Okta" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Okta</span></a> <a href="https://mastodon.top/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a> incident can teach us about designing better <a href="https://mastodon.top/tags/APIs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APIs</span></a></p><p><a href="https://itnext.io/what-okta-bcrypt-incident-can-teach-us-about-designing-better-apis-b87efe2bb830" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">itnext.io/what-okta-bcrypt-inc</span><span class="invisible">ident-can-teach-us-about-designing-better-apis-b87efe2bb830</span></a></p>
Soatok<p><strong>Beyond Bcrypt</strong></p><p>In 2010, Coda Hale wrote <em><a href="https://codahale.com/how-to-safely-store-a-password/" rel="nofollow noopener noreferrer" target="_blank">How To Safely Store A Password</a></em> which began with the repeated phrase, “Use bcrypt”, where the word bcrypt was linked to a different implementation for various programming languages. </p><p>This had two effects on the technology blogosphere at the time:</p><ol><li>It convinced a lot of people that bcrypt was the right answer for storing a password.</li><li>It created a meme for how technology bloggers recommend specific cryptographic algorithms when they want attention from Hacker News.</li></ol><p>At the time, it was great advice!</p> Credit: <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> <p>In 2010, bcrypt was the only clearly good answer for password hashing in most programming languages.</p><p>In the intervening <em>almost fifteen years</em>, we’ve learned a lot more about passwords, password cracking, authentication mechanism beyond passwords, and password-based cryptography.</p><blockquote><p>If you haven’t already <a href="https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-cryptography-with-passwords/" rel="nofollow noopener noreferrer" target="_blank">read my previous post about password-based cryptography</a>, you may want to give that one a once-over before you continue.</p></blockquote><p>But we’ve also learned a lot more about bcrypt, its limitations, the various footguns involved with using it in practice, and even some cool shit you can build with it.</p><p>In light of a recent discussion about <a href="https://github.com/WordPress/wordpress-develop/pull/7333" rel="nofollow noopener noreferrer" target="_blank">switching WordPress’s password hashing algorithm</a> from PHPass (which is based on MD5) to bcrypt, I feel now is the perfect time to dive into this algorithm and its implications on real-world 
cryptography.</p><p><strong>Understanding Bcrypt in 2024</strong></p><p>Bcrypt is a password hashing function, but <a href="https://news.ycombinator.com/item?id=22028143" rel="nofollow noopener noreferrer" target="_blank">not a password KDF</a> or general-purpose cryptographic hash function.</p><p>If you’re using a sane password storage API, such as <a href="https://www.php.net/manual/en/function.password-hash.php" rel="nofollow noopener noreferrer" target="_blank">PHP’s password API</a>, you don’t even need to think about salting your passwords, securely verifying passwords, or handling weird error conditions. Instead, you only need concern yourself with the “cost” factor, which exponentially increases the runtime of the algorithm.</p><p>There’s just one problem: <strong>bcrypt silently truncates after 72 characters</strong> (or rather, bytes, if you’re pedantic and assume non-ASCII passwords, such as emoji).</p><p>Here’s a quick script <a href="https://3v4l.org/cRhjD" rel="nofollow noopener noreferrer" target="_blank">you can run yourself</a> to test this:</p> <pre>&lt;?php
$example1 = str_repeat('A', 72);
$example2 = $example1 . 'B';
$hash = password_hash($example1, PASSWORD_BCRYPT);
// $example2 differs from $example1 only in its 73rd byte, which bcrypt drops
var_dump(password_verify($example2, $hash));</pre> <p>This may sound ludicrous (“who uses 72 character passwords anyway?”) until you see security advisories like <a href="https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/" rel="nofollow noopener noreferrer" target="_blank">this recent one from Okta</a>.</p><blockquote><p>The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. 
Under a specific set of conditions, listed below, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication.</p><p>(…)</p><ul><li>The username is 52 characters or longer</li></ul></blockquote><p>The other thing to consider is that many people use passphrases, such as those generated from Diceware, which produce longer strings with less entropy per character.</p><p>If you use bcrypt as-is, you will inevitably run into this truncation at some point.</p><p><strong>“Let’s pre-hash passwords!”</strong></p><p>In response to this limitation, many developers will suggest pre-hashing the password with a general purpose cryptographic hash function, such as SHA-256.</p><p>And so, in pursuit of a way to avoid one footgun, developers introduced two more.</p> <a href="https://bsky.app/profile/ajlovesdinos.bsky.social" rel="nofollow noopener noreferrer" target="_blank">AJ</a> <p><strong>Truncation on NUL Bytes</strong></p><p>If you use the raw binary output of a hash function as your password hash, be aware <a href="https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html" rel="nofollow noopener noreferrer" target="_blank">that bcrypt will truncate on NUL (<code>0x00</code>) bytes</a>.</p><p>With respect to the WordPress issue linked above, the default for PHP’s hashing API is to output hexadecimal characters.</p><p>This is a bit wasteful. Base64 is preferable, although any isomorphism of the raw hash output that doesn’t include a <code>0x00</code> byte is safe from truncation.</p><p><strong>Hash Shucking</strong></p><p>When a system performs a migration from a cryptographic hash function (e.g., MD5) to bcrypt, they typically choose to re-hash the existing hash with bcrypt. </p><p>Because users typically reuse passwords, you can often take the fast, unsalted hashes from another breach and use it as your password dictionary for bcrypt. 
</p><p>If then you succeed in verifying the bcrypt password for a fast hash, you can then plug the fast hash into software like Hashcat, and then crack the actual password at a much faster rate (tens of billions of candidates/second, versus thousands per second).</p><p>This technique is called <a href="https://youtu.be/OQD3qDYMyYQ?t=1462" rel="nofollow noopener noreferrer" target="_blank">hash shucking</a> (YouTube link).</p><p>You can avoid hash shucking by using HMAC with a static key–either universal for all deployments of your software, or unique per application. </p><p>It doesn’t really matter which you choose; all you really need from it is domain separation from naked hashes.</p><blockquote><p>I frequently see this referred to as “peppering”, but the term “pepper” isn’t rigidly defined anywhere.</p></blockquote><p>One benefit of using a per-application HMAC secret does make your hashes harder to crack if you don’t know this secret.</p><p>For balance, one downside is that your hashes are no longer portable across applications without managing this static key.</p><p><strong>Disarming Bcrypt’s Footguns</strong></p><p>Altogether, it’s quite straightforward to avoid bcrypt’s footguns, as <a href="https://github.com/WordPress/wordpress-develop/pull/7333#pullrequestreview-2449232465" rel="nofollow noopener noreferrer" target="_blank">I had recommended to WordPress last week</a>.</p><ol><li>Pre-hash with HMAC-SHA512.</li><li>Ensure the output of step 1 is base64-encoded.</li><li>Pass the output of step 2 to PHP’s password API.</li></ol><p>Easy, straightforward, and uncontroversial. 
Right?</p><p><strong>Objections to Bcrypt Disarmament</strong></p><p>The linked discussion was <a href="https://github.com/WordPress/wordpress-develop/pull/7333#issuecomment-2499156613" rel="nofollow noopener noreferrer" target="_blank">tedious</a>, so I will briefly describe the objections raised to my suggestion.</p><ol><li>This is “rolling our own crypto”.<ul><li>Answer: No, it’s a well-understood pattern that’s been discussed in the PHP community for well over a decade.</li></ul></li><li>Passwords over 72 characters are rare and not worthy of our consideration.<ul><li>Answer: No, this has bit people in unexpected ways before (see: Okta).<p>When you develop a popular CMS, library, or framework, you cannot possibly know all the ways that your software will be used by others. It’s almost always better to be misuse-resistant.</p></li></ul></li><li>Pre-hashing introduces a Denial-of-Service attack risk.<ul><li>Answer: No. Bcrypt with a cost factor of 10 is about 100,000 times as expensive as SHA2.</li></ul></li><li>This introduces a risk of hash shucking.<ul><li>As demonstrated above, HMAC doesn’t suffer this problem (assuming the key is reasonably selected).</li></ul></li><li>Base64 encoding reduces entropy.<ul><li>Answer: No, it’s isomorphic.</li></ul></li><li>Base64 with the 72 character truncation reduces entropy.<ul><li>Answer: We’re still truncating SHA-512 to more than 256 bits of its output, so this doesn’t actually matter for any practical security reason.</li></ul></li><li>This would necessitate a special prefix (e.g. 
<code>$2w$</code>) to distinguish disarmed bcrypt from vanilla bcrypt that PHP’s password API wouldn’t know what to do with.<ul><li>This is a trivial concern, for which the fix is also trivial: <br>After password_hash(), modify the prefix with a marker to indicate pre-hashing.<br>Before password_verify(), swap the original prefix back in.</li></ul></li></ol><p>There were some other weird arguments (such as “Bcrypt is approved by NIST for FIPS”, which is just plain false).</p><p><strong>Why Bcrypt Truncating SHA-512 Doesn’t Matter</strong></p><p>If you have a random secret key, HMAC-SHA-512 is a secure pseudorandom function that you can treat as a <a href="https://crypto.stackexchange.com/a/880" rel="nofollow noopener noreferrer" target="_blank">Random Oracle</a>. </p><p>Because it’s HMAC, you don’t have to worry about Length Extension Attacks at all. Therefore, the best known attack strategy is to produce a collision.</p><p>The raw binary output of SHA-512 is 64 characters, but may contain NUL characters (which would truncate the hash). To avoid this, we base64-encode the output.</p><p>When you base64-encode a SHA-512 hash, the output is 88 characters (due to base64 padding). This is longer than the 72 characters supported by bcrypt, so it will truncate silently after 72 characters.</p><p>This is still secure, but to prove this, I need to use math.</p><p>First, let’s assume you’re working with an extremely secure, high-entropy password, and might be negatively impacted by this truncation. How bad is the damage in this extreme case?</p><p>There are 64 possible characters in the base64 alphabet. 
That’s tautology, after all.</p><p>If you have a string of length 72, for which each character can be one of 64 values, you can represent the total probability space of possible strings as .</p><p>If you know that , you can do a little bit of arithmetic and discover this quantity equal to .</p><p>As I discussed in <a href="https://soatok.blog/2024/07/01/blowing-out-the-candles-on-the-birthday-bound/" rel="nofollow noopener noreferrer" target="_blank">my deep dive on the birthday bound</a>, you can take the cube root of this number to find what I call the Optimal Birthday Bound.</p><p>This works out to samples in order to find a probability of a single collision.</p><p>This simply isn’t going to happen in our lifetimes.</p> 2^-144 is about 17 trillion times less likely than 2^-100. <p>The real concern is the entropy of the actual password, not losing a few bits from a truncated hash.</p><p>After all, even though the outputs of HMAC-SHA512 are indistinguishable from random when you don’t know the HMAC key, the <strong>input</strong> selection is entirely based on the (probably relatively easy-to-guess) password.</p><p><strong>“Why not just use Argon2 or Scrypt?”</strong></p><p>Argon2 and scrypt don’t have the bcrypt footguns. You can hash passwords of arbitrary length and not care about NUL characters. They’re great algorithms.</p><p>Several people involved in the Password Hashing Competition (that selected Argon2 as its winner) have since lamented the emphasis on memory-hardness over <a href="https://github.com/Sc00bz/bscrypt#why-cache-hard" rel="nofollow noopener noreferrer" target="_blank">cache-hardness</a>. 
Cache-hardness is more important for short run-times (i.e., password-based authentication), while memory-hardness is more important for longer run-times (i.e., key derivation).</p><p>As Sc00bz explains in the GitHub readme for <a href="https://github.com/Sc00bz/bscrypt?tab=readme-ov-file#why-cache-hard" rel="nofollow noopener noreferrer" target="_blank">his bscrypt project</a>:</p><blockquote><p>Cache hard algorithms are better than memory hard algorithms at shorter run times. Basically cache hard algorithms force GPUs to use 1/4 to 1/16 of the memory bandwidth because of the large bus width (commonly 256 to 1024 bits). Another way to look at it is memory transactions vs bandwidth. Also the low latency of L2 cache on CPUs and the 8 parallel lookups lets us make a lot of random reads. With memory hard algorithms, there is a point where doubling the memory quarters a GPU attacker’s speed. There then is a point at which a memory hard algorithm will overtake a cache hard algorithm. Cache hard algorithms don’t care that GPUs will get ~100% utilization of memory transactions because it’s already very limiting.</p></blockquote><p>Ironically, bcrypt is cache-hard, while scrypt and the flavors of Argon2 that most people use are not.</p><p>Most of my peers just care that you use <em>a</em> password hashing algorithm at all. They don’t particularly care which. The bigger, and more common, vulnerability is not using one of them in the first place.</p><p>I’m mostly in agreement with them, but I would prefer that anyone that chooses bcrypt takes steps to disarm its footguns.</p><p><strong>Turning Bcrypt Into a KDF</strong></p><p>Earlier, I noted that <a href="https://soatok.blog/2022/12/29/what-we-do-in-the-etc-shadow-cryptography-with-passwords/#pbcff" rel="nofollow noopener noreferrer" target="_blank">bcrypt is not a password KDF</a>. That doesn’t mean you can’t make one out of bcrypt. 
Ryan Castellucci is an amazing hacker; they managed <a href="https://github.com/ryancdotorg/bcrypt-ext" rel="nofollow noopener noreferrer" target="_blank">to do just that</a>.</p><p>To understand why this is difficult, and why Ryan’s hack works, you need to understand what bcrypt <em>actually is</em>.</p><p>Bcrypt is <a href="https://en.wikipedia.org/wiki/Bcrypt#Algorithm" rel="nofollow noopener noreferrer" target="_blank">a relatively simple algorithm</a> at its heart:</p><ol><li>Run the (deliberately expensive) Blowfish key schedule 2^cost times, alternating between the password and the salt, so the resulting P-array and S-boxes depend on both.</li><li>Encrypt the string <code>"OrpheanBeholderScryDoubt"</code> 64 times in ECB mode using the expanded key from step 1.</li></ol><p>Most of the heavy work in bcrypt is actually done in the key schedule; the encryption of three blocks (remember, Blowfish is a 64-bit block cipher) just ensures you need the correct resultant key from the key schedule.</p><p><strong>“So how do you get an encryption key out of bcrypt?”</strong></p><p><em>It’s simple: we, uh, <a href="https://github.com/ryancdotorg/bcrypt-ext/blob/cd6d6f52880c0242bd356b6bae5272a6feee1cfa/blowfish.c#L239-L246" rel="nofollow noopener noreferrer" target="_blank">hash the S-box</a>.</em></p> <pre>static void BF_kwk(struct BF_data *data, uint8_t kwk[BLAKE2B_KEYBYTES]) {
  BF_word *S = (BF_word *)data-&gt;ctx.S;
  BF_htobe(S, 4*256);
  // it should not be possible for this to fail...
  int ret = blake2b_simple(kwk, BLAKE2B_KEYBYTES, S, sizeof(BF_word)*4*256);
  assert(ret == 0);
  BF_betoh(S, 4*256);
}</pre> <p>Using BLAKE2b to hash the S-box from the final Blowfish key expansion yields a key-wrapping key that can be used to encrypt whatever data is being protected.</p><p>The only feasible way to recover this key is to provide the correct password and salt to arrive at the same key schedule.</p><p>Any attack against the selection of S implies a cryptographic weakness in bcrypt, too. 
(I’ve already recommended <a href="https://github.com/ryancdotorg/bcrypt-ext/issues/1" rel="nofollow noopener noreferrer" target="_blank">domain separation</a> in a GitHub issue.)</p> <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> <p>It’s worth remembering that Ryan’s design is a proof-of-concept, not a peer-reviewed design ready for production. Still, it’s a cool hack. </p><p>It’s also <a href="https://github.com/openbsd/src/blob/f6e19f5194481d5e142c7da4fb7ca548e5bd10af/lib/libutil/bcrypt_pbkdf.c" rel="nofollow noopener noreferrer" target="_blank">not the first of its kind</a> (thanks, <a href="https://cybervillains.com/@djm/113555841495008970" rel="nofollow noopener noreferrer" target="_blank">Damien Miller</a>).</p><p>If anyone was <strong>actually</strong> considering using this design, first, they should wait until it’s been adequately studied. Do not pass Go, do not collect $200.</p><p>Additionally, the output of the BLAKE2b hash should be used as the input keying material for, e.g., <a href="https://soatok.blog/2021/11/17/understanding-hkdf/" rel="nofollow noopener noreferrer" target="_blank">HKDF</a>. 
This lets you split the password-based key into multiple application-specific sub-keys without running the password KDF again for each derived key.</p><p><strong>Wrapping Up</strong></p><p>Although bcrypt is still an excellent cache-hard password hashing function suitable for interactive logins, it does have corner cases that sometimes cause vulnerabilities in applications that misuse it.</p><p>If you’re going to use bcrypt, make sure you use bcrypt in line with my recommendations to WordPress: HMAC-SHA-512, base64 encode, then bcrypt.</p><p>Here’s a quick proof-of-concept for PHP software:</p> <pre>&lt;?php
declare(strict_types=1);

class SafeBcryptWrapperPoC
{
    private $staticKey;
    private $cost = 12;

    public function __construct(
        #[\SensitiveParameter]
        string $staticKey,
        int $cost = 12
    ) {
        $this-&gt;staticKey = $staticKey;
        $this-&gt;cost = $cost;
    }

    /**
     * Generate password hashes here
     */
    public function hash(
        #[\SensitiveParameter]
        string $password
    ): string {
        return \password_hash(
            $this-&gt;prehash($password),
            PASSWORD_BCRYPT,
            ['cost' =&gt; $this-&gt;cost]
        );
    }

    /**
     * Verify password here
     */
    public function verify(
        #[\SensitiveParameter]
        string $password,
        #[\SensitiveParameter]
        string $hash
    ): bool {
        return \password_verify(
            $this-&gt;prehash($password),
            $hash
        );
    }

    /**
     * Pre-hashing with HMAC-SHA-512 here
     *
     * Note that this prefers the libsodium base64 code, since
     * it's implemented in constant-time
     */
    private function prehash(
        #[\SensitiveParameter]
        string $password
    ): string {
        return \sodium_bin2base64(
            \hash_hmac('sha512', $password, $this-&gt;staticKey, true),
            \SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING
        );
    }
}</pre> <p>You can see <a href="https://3v4l.org/WLB7q" rel="nofollow noopener noreferrer" target="_blank">a modified version of this proof-of-concept on 3v4l</a>, which includes the same demo from the top of this blog post to demonstrate the 72-character truncation bug.</p><p>If you’re already using bcrypt in production, you should be cautious with adding this 
pre-hashing alternative. Having vanilla bcrypt and non-vanilla bcrypt side-by-side could introduce problems that need to be thoroughly considered.</p><p>I can safely recommend it to WordPress because they weren’t using bcrypt before. Most of the people reading this are probably not working on the WordPress core.</p><p><strong>Addendum (2024-11-28)</strong></p><p>More of the WordPress team has chimed in to signal support for vanilla bcrypt, rather than disarming the bcrypt footgun.</p><p>The reason?</p><blockquote><p>That would result in <strong>maximum compatibility for existing WordPress users who use the Password hashes outside of WordPress</strong>, while also not introducing yet-another-custom-hash into the web where it’s not overly obviously necessary, but while still gaining the bcrypt advantages for where it’s possible.</p><p><a href="https://github.com/WordPress/wordpress-develop/pull/7333#issuecomment-2505128884" rel="nofollow noopener noreferrer" target="_blank">dd32</a></p></blockquote><p>The hesitance to introduce a custom hash construction is understandable, but the goal I emphasized with bold text is weird and not a reasonable goal for any password storage system.</p><p>It’s true that the overwhelming majority of non-WordPress code written in PHP is just using the password hashing API. But that means they aren’t compatible with WordPress today. PHP’s password hashing API doesn’t implement phpass, after all.</p><p>In addition to being scope creep for a secure password storage strategy, it’s kind of a bonkers design constraint to expect password hashes to be portable. Why are you intentionally exposing hashes unnecessarily?</p> <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> <p>At this point, it’s overwhelmingly likely that WordPress will choose to not disarm the bcrypt footguns, and will just ship it. 
</p><p>That’s certainly not the worst outcome, but I do object to arriving there for stupid reasons, and that GitHub thread is <strong>full of stupid reasons</strong> and misinformation.</p><p>The most potent source of misinformation also <a href="https://github.com/WordPress/wordpress-develop/pull/7333#issuecomment-2499314967" rel="nofollow noopener noreferrer" target="_blank">barked orders at me</a> and then tried to dismiss my technical arguments as the concerns of “the hobbyist community”, which was a great addition to my LinkedIn profile.</p><p>If WordPress’s choice turns out to be a mistake–that is to say, that their decision for vanilla bcrypt introduces a vulnerability in a plugin or theme that uses their password hashing API for, I dunno, API keys?–at least I can say I tried.</p><p>Additionally, WordPress cannot say they didn’t know the risk existed, especially in a courtroom, since me informing them of it is so thoroughly documented (and archived).</p> <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> <p>Here’s to hoping the risk never actually manifests. Saying “I told you so” is more bitter than sweet in security. 
Happy Thanksgiving.</p> <p>Header image: Art by <a href="https://bsky.app/profile/mrjimmydafloof.bsky.social" rel="nofollow noopener noreferrer" target="_blank">Jim</a> and <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a>; a collage of some DEFCON photos, as well as Creative Commons photos of <a href="https://commons.wikimedia.org/wiki/File:Bruce_Schneier_at_CoPS2013-IMG_9174.jpg" rel="nofollow noopener noreferrer" target="_blank">Bruce Schneier</a> (inventor of the Blowfish block cipher) and <a href="https://commons.wikimedia.org/wiki/File:Niels_provos.jpg" rel="nofollow noopener noreferrer" target="_blank">Niels Provos</a> (co-designer of bcrypt, which is based on Blowfish).</p><p></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/bcrypt/" target="_blank">#bcrypt</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/cryptography/" target="_blank">#cryptography</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/password-hashing/" target="_blank">#passwordHashing</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/passwords/" target="_blank">#passwords</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/security-guidance/" target="_blank">#SecurityGuidance</a></p>
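<p>As an added example (not code from the blog post above, from WordPress, or from PHP's password API), the following PHP puts two of the post's points side by side: it first reproduces the vanilla 72-byte truncation with PHP's own <code>password_hash()</code>/<code>password_verify()</code>, then wraps bcrypt the way the post recommends (HMAC-SHA-512, base64, bcrypt) and additionally rewrites the stored prefix to a marker so a pre-hashed string can never be mistaken for a vanilla one. The <code>$2w$</code> marker is the hypothetical prefix floated in the discussion, not a registered crypt identifier; the class name, the 32-byte minimum key length and the demo passwords are assumptions made for illustration.</p>

```php
<?php
declare(strict_types=1);

/**
 * Illustrative wrapper (not the post's own PoC): HMAC-SHA-512 -> base64 -> bcrypt,
 * with the "$2y$" prefix that password_hash() emits rewritten to a marker so that a
 * pre-hashed bcrypt string is never handed to password_verify() as if it were vanilla.
 */
final class MarkedBcryptWrapper
{
    // Assumed marker (the "$2w$" suggested in the discussion); any prefix crypt() does not know works.
    private const MARKER  = '$2w$';
    // Prefix PHP's password_hash() emits for PASSWORD_BCRYPT.
    private const VANILLA = '$2y$';

    public function __construct(
        #[\SensitiveParameter] private string $staticKey,
        private int $cost = 12,
    ) {
        // Assumption: the HMAC key is a long-lived random secret loaded from configuration,
        // stored apart from the hash table (a per-deployment "pepper"), never per-user.
        if (\strlen($staticKey) < 32) {
            throw new \InvalidArgumentException('HMAC key must be at least 32 random bytes');
        }
    }

    public function hash(#[\SensitiveParameter] string $password): string
    {
        $hash = \password_hash(
            $this->prehash($password),
            PASSWORD_BCRYPT,
            ['cost' => $this->cost]
        );
        // Swap "$2y$" for the marker so the stored string self-describes as pre-hashed.
        return self::MARKER . \substr($hash, \strlen(self::VANILLA));
    }

    public function verify(
        #[\SensitiveParameter] string $password,
        #[\SensitiveParameter] string $hash
    ): bool {
        // Fail closed on anything that is not ours: a vanilla "$2y$" hash was computed over
        // the raw password, so it has to be verified (and migrated) by separate, explicit code.
        if (!\str_starts_with($hash, self::MARKER)) {
            return false;
        }
        $vanilla = self::VANILLA . \substr($hash, \strlen(self::MARKER));
        return \password_verify($this->prehash($password), $vanilla);
    }

    private function prehash(#[\SensitiveParameter] string $password): string
    {
        // 64-byte MAC -> 86 unpadded base64 characters; bcrypt keeps the first 72 (432 bits).
        // Base64 also guarantees no NUL byte ever reaches bcrypt's C-string input.
        return \sodium_bin2base64(
            \hash_hmac('sha512', $password, $this->staticKey, true),
            \SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING
        );
    }
}

// --- demo --------------------------------------------------------------------------
// Cost 4 is PHP's minimum and keeps the demo fast; use a production cost (10+) for real users.
$cost = 4;

// Two constructed passwords that agree on their first 72 bytes and differ only after that.
$long1 = \str_repeat('a', 72) . 'XXXX';
$long2 = \str_repeat('a', 72) . 'YYYY';

// 1. Vanilla bcrypt: bytes 73 onward are ignored, so the other password verifies too.
$vanilla = \password_hash($long1, PASSWORD_BCRYPT, ['cost' => $cost]);
\var_dump(\password_verify($long2, $vanilla));

// 2. Pre-hashed bcrypt: the HMAC covers every byte, so the two no longer collide.
$wrapper = new MarkedBcryptWrapper(\random_bytes(32), $cost); // key generated only for this demo
$marked  = $wrapper->hash($long1);
\var_dump(\str_starts_with($marked, '$2w$'));
\var_dump($wrapper->verify($long1, $marked));
\var_dump($wrapper->verify($long2, $marked));

// 3. A marked hash handed to the stock API is rejected rather than silently accepted.
\var_dump(\password_verify($long1, $marked));
```

<p>Run it and the first <code>var_dump()</code> is <code>true</code>: the truncated vanilla hash accepts a password that differs in its 73rd byte. The wrapper accepts only the password it was given, and the stock <code>password_verify()</code> rejects the <code>$2w$</code> string because crypt() does not recognise the prefix. That last property is the point of the marker: it turns the side-by-side problem the post warns about into an explicit decision in the caller (verify with the old code path and rehash on success) instead of a silent mismatch.</p>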
Websplaining<p>How To Make A WireGuard Easy (wg-easy) VPN Server With Web-Based Admin UI On An Ubuntu Linux VPS <a href="https://youtu.be/i-ezlKq7V54" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/i-ezlKq7V54</span><span class="invisible"></span></a> <a href="https://mastodon.online/tags/Websplaining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Websplaining</span></a> <a href="https://mastodon.online/tags/WireGuard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireGuard</span></a> <a href="https://mastodon.online/tags/wgeasy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wgeasy</span></a> <a href="https://mastodon.online/tags/WireGuardEasy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireGuardEasy</span></a> <a href="https://mastodon.online/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://mastodon.online/tags/WireGuardVPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireGuardVPN</span></a> <a href="https://mastodon.online/tags/VirtualPrivateNetwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirtualPrivateNetwork</span></a> <a href="https://mastodon.online/tags/VPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPS</span></a> <a href="https://mastodon.online/tags/VirtualPrivateServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VirtualPrivateServer</span></a> <a href="https://mastodon.online/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> <a href="https://mastodon.online/tags/CloudServer" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>CloudServer</span></a> <a href="https://mastodon.online/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> <a href="https://mastodon.online/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.online/tags/UbuntuLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuLinux</span></a> <a href="https://mastodon.online/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a> <a href="https://mastodon.online/tags/PasswordHash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordHash</span></a> <a href="https://mastodon.online/tags/PasswordHasher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordHasher</span></a> <a href="https://mastodon.online/tags/GeneratePasswordHash" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GeneratePasswordHash</span></a> <a href="https://mastodon.online/tags/WebUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebUI</span></a> <a href="https://mastodon.online/tags/WebBasedUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebBasedUI</span></a> <a href="https://mastodon.online/tags/UserInterface" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UserInterface</span></a> <a href="https://mastodon.online/tags/AdminUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AdminUI</span></a> <a href="https://mastodon.online/tags/UI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UI</span></a> <a href="https://mastodon.online/tags/Server" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Server</span></a></p>
sekurak News<p>Internet Archive hacked. Leak of ~31 million records with login data</p><p>For now it is not known how the leak happened; in any case, someone released a ~6GB file containing login data (in particular bcrypt-hashed passwords and e-mail addresses). Apparently the attackers also managed to gain access to modify the content of the web.archive.org site itself – according to reports, visitors saw this JavaScript popup: And indeed, this data has already...</p><p><a href="https://mastodon.com.pl/tags/WBiegu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WBiegu</span></a> <a href="https://mastodon.com.pl/tags/Awareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Awareness</span></a> <a href="https://mastodon.com.pl/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a> <a href="https://mastodon.com.pl/tags/Wyciek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wyciek</span></a></p><p><a href="https://sekurak.pl/zhackowano-internet-archive-wyciek-31-milionow-rekordow-z-danymi-logowania/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">sekurak.pl/zhackowano-internet</span><span class="invisible">-archive-wyciek-31-milionow-rekordow-z-danymi-logowania/</span></a></p>
Royce Williams<p>So ... due to an early obsession with historical BSD hashes ... I have significantly more bcrypt hashrate-per-watt cracking capacity than most solo shops. For bcrypt cost 12, it's about 34Kh/s straight wordlist -- the equivalent of about 17 4090s -- at only 1100W (these old Bitcoin FPGAs are very efficient for bcrypt specifically). And this capacity is intermittently idle, which is kinda a shame.</p><p>I haven't really put it out there as something I can help with if needed (outside of the Hashcat team). So ... feel free to ping me if you need bcrypts cracked/audited!</p><p>(Reasonable rates, but note that I do have a pretty firmly high bar for provenance / proof of authorization)</p><p>(Rat's nest of USB has been cleaned up a bit 😅)</p><p><a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a> <a href="https://infosec.exchange/tags/PasswordCracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordCracking</span></a> <a href="https://infosec.exchange/tags/hashing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hashing</span></a></p>
André Jaenisch Web-Development & -Consulting<p>Laravel is funny.<br><br>For me it builds TailwindCSS differently (with `!important`) than it does for the others. So be it.<br><br>My reworked page was accepted and I started on the login page. With a browser test.<br><br>I have to say, <a href="https://fedi.jaenis.ch/tags/laravel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Laravel</span></a> disappoints me there.<br>By default a password must be eight characters or longer. It is stored encrypted with <a href="https://fedi.jaenis.ch/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a>.<br><br>For one thing, that means passwords like „01234567890“ are okay (but guessed in seconds); for another, the algorithm is now only recommended for legacy systems (Argon or scrypt would be the recommendation according to the OWASP cheat sheet); and thirdly, I could find nothing about salt or pepper.<br><br>Defaults are so important, and I see frameworks in particular as responsible for them.<br><br>But that is not all.<br><br>When I wrote the browser test for the login, I first had to go through a registration. That leads to the dashboard.<br>The logout is hidden in a hamburger menu and has an anchor element that submits a form via JavaScript. The /logout route does not accept GET requests.<br>Semantically a complete disaster, and part of the default setup for at least four years!<br><br>The associated repo has no issue tracker.<br><br>Which channel does the Laravel community use for improvement suggestions?</p>
Johnny Graber<p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> Friday #227: Hash a Password With <a href="https://mastodon.social/tags/Bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bcrypt</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/FastAPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FastAPI</span></a></p><p><a href="https://improveandrepeat.com/2024/05/python-friday-227-hash-a-password-with-bcrypt/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">improveandrepeat.com/2024/05/p</span><span class="invisible">ython-friday-227-hash-a-password-with-bcrypt/</span></a></p>
Royce Williams<p>Hey, <span class="h-card" translate="no"><a href="https://ioc.exchange/@nielsprovos" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nielsprovos</span></a></span> - if I may impose ... I saw someone asking why the minimum bcrypt cost is 4, and realized that I had no idea(!) So I spent some time with your USENIX presentation[1] and the code[2], but couldn't see an immediate answer, other than an uninformed guess that F starts with four arrays. What's the real answer?</p><ol><li><p><a href="https://www.usenix.org/legacy/publications/library/proceedings/usenix99/full_papers/provos/provos_html/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/legacy/publications</span><span class="invisible">/library/proceedings/usenix99/full_papers/provos/provos_html/</span></a></p></li><li><p><a href="https://github.com/openbsd/src/blob/master/lib/libc/crypt/bcrypt.c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/openbsd/src/blob/ma</span><span class="invisible">ster/lib/libc/crypt/bcrypt.c</span></a></p></li></ol><p><a href="https://infosec.exchange/tags/bcrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bcrypt</span></a></p>