Password hashing methods. Long way after bcrypt

Crypto AG in 1952, for decades the world leader in the cryptographic devices market.

Going back to Unix, experts back in the 70s were aware of the problem of executing a function too quickly crypt. In Unix (7th edition), the function was improved by introducing a 12-bit salt and iteration of the Data Encryption Standard (DES) cipher for password hashing. The result of using salt was a family of 2¹² different hash functions, and each user randomly selected their password from this family. The purpose of using a salt was not only to ensure that hashes are unique even for identical passwords, but also to make hash precomputation attacks much more difficult. The salted hashed password was stored in a password file, allowing the system to authenticate users without storing passwords in clear text.

For its time crypt was considered safe, but the development of computing power and US Crypto Export Restrictions paved the way for new password hashing algorithms such as MD5crypt (1994).



RSA code prohibited for export from the USA printed on a T-shirt in protest against restrictions on freedom of speech. A citizen dressed in this way had the right to travel abroad and show the T-shirt to foreign citizens

Concerns about the security of new algorithms led to the development bcrypt in 1997. It was the first to implement the concept of adaptive hashing, thanks to which brute force and dictionary attacks became computationally more complex (the algorithm is protected from future increases in hardware performance). Since its introduction in June 1997 as part of OpenBSD 2.1 and publications in USENIX in 1999 bcrypt has had a profound impact on the security industry.



Original scientific article describing bcrypt (1999)

In general, a quarter of a century of development of hashing functions and the brute force industry can be depicted in the following table:

Comparison of hashing functions and their security. The adaptable work factor means that the load on the CPU can be increased. Memory-hardness calculations mean that in addition to the CPU, the hashing algorithm also scales in memory

Brute force performance

Password cracking technology and hardware have evolved significantly over the past 30 years. Brute force power has increased greatly. It became obvious that password hashing algorithms needed to be adapted based on the cost of operation. That is, the algorithm itself must be designed in such a way as to make brute force unprofitable on modern equipment, and even better – with a safety margin for years to come.

To demonstrate this progress, here is rough estimates brute force speeds on computers of different years, as well as in different programs (Hashcat and John the Ripper). Please keep in mind that these numbers simply show a general trend and are not directly comparable due to differences in hardware and software. For clarity, the figures are published with all categories, without abbreviation to “million” and “billion”.

You can see that over the years, not only the complexity of the algorithms has been growing, but also the productivity of the hardware, as well as the efficiency of specialized programs.

For example, over 34 years, the speed of hash search des-crypt increased from 45 pieces to 6.3 billion per second.

At the same time old bcrypt remains one of the most difficult hashes to crack, especially with the maximum work factor. Although formally it is considered obsolete, in practice it is theoretically quite suitable for use, along with more modern, brute force-resistant algorithms scrypt And Argon2.

Passwords forever

What will happen next?

Modern hashing algorithms greatly reduce the effectiveness of brute force. But hash leaks are still a constant threat. On the other hand, the advent of multi-factor authentication (MFA) has shifted the focus to protecting user accounts with additional layers of verification, making passwords less critical to security.

In the modern world, cloud services are becoming increasingly widespread, where most important data is stored remotely. Simple brute force is ineffective at penetrating such systems, so attackers usually use vulnerabilities or social engineering.

A quarter of a century later, people still rely on passwords as the primary method of protecting computer information. Every year their complexity (entropy) increases, more complex hashing methods are introduced, but the text passwords/phrases themselves remain.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *