When data breaches went from an occasional threat to a persistent fact of life in the early 2010s, one question would come up again and again as victim organizations, cybersecurity researchers, law enforcement, and regular people alike assessed the fallout from each incident: What password hashing algorithm had the target used to protect its users’ passwords?
If the answer is a flawed cryptographic function like SHA-1 (never mind the nightmare of passwords stored in plaintext with no cryptographic scrambling at all), the victim has more to worry about, because it is easier for anyone who steals the data to crack the passwords, directly access users’ accounts, and try those passwords elsewhere to see whether people have reused them. If the answer is the algorithm known as bcrypt, however, there is at least one thing to be less afraid of.
Bcrypt turns 25 this year, and Niels Provos, one of its coinventors, says that looking back, the algorithm has always had great strength, thanks to its open source availability and the technical characteristics that have extended its longevity. Provos spoke to WIRED about a retrospective on the algorithm that he published this week in Usenix ;login:. As with many digital workhorses, however, there are now stronger and more secure alternatives to bcrypt, including the hashing algorithms known as scrypt and Argon2. Provos himself says that the quarter-century milestone is plenty for bcrypt and that he hopes it will lose popularity before celebrating another big birthday.
A version of bcrypt first shipped with the open source operating system OpenBSD 2.1 in June 1997. At the time, the United States still imposed strict export restrictions on cryptography. But Provos, who grew up in Germany, worked to improve it while he was still living and studying there.
“One thing I find surprising is how popular it is,” he said. “I think on the one hand it’s probably because it actually solves a real problem, but also because it’s open source and not subject to any export restrictions. And then everyone ended up doing their own implementations in all these other languages. So these days, if you’re faced with trying to do password hashing, bcrypt can be used in every language that you can use. That’s just crazy.”
Provos developed bcrypt with David Mazières, a professor of systems security at Stanford University who was studying at the Massachusetts Institute of Technology when he and Provos collaborated on bcrypt. The two met through the open source community and worked on OpenBSD.
Hashing a password means putting it through an algorithm that cryptographically transforms it from something readable into an unintelligible scramble. These algorithms are “one-way functions” that are easy to run but very difficult to decode or “crack,” even for the person who did the hashing. In the case of login security, the idea is that you choose a password, the platform you use creates a hash of it, and then when you sign into your account in the future, the system takes the password you entered, hashes it, and then compares the result with the password hash on file for your account. If the hashes match, the login is successful. This way, the service only keeps hashes for comparison, not the passwords themselves.