You guys know that I’m not a cryptography expert. In fact, I didn’t use hashing and salting well until my second year as a programmer during college.
It’s recently come to my attention that using MD5 or SHA as your hashing methods is not good enough.
While it does its job at hashing data, the problem is that it’s just too fast.
A determined attacker with enough horsepower (machines) can test password guesses very quickly. For example, a modern server can calculate the MD5 hash of over 320MB of data every second.
Even worse, according to Coda Hale:
If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. At that rate you’ll be cracking those passwords at the rate of more than one per second.
You see the problem?
BCrypt solves that problem by using a work factor, meaning you decide how long hashing is going to take. So no matter how much faster computers get, you can turn that factor up and keep hashing your passwords at the speed you choose.
So how much slower, you say? Coda Hale says:
How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password ‘yaaa’ in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.
So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I’d be cracking them every 12 years or so.
That would put a hacker back into 1st gear.
So let’s see how we can use BCrypt in a .NET application using C#.
First, create a new Visual Studio console project and add a Library Package Reference using NuGet:

Click the online tab, and search for BCrypt.

Install it, and add the using directive:
using DevOne.Security.Cryptography.BCrypt;
And here’s a very simple example on how to use it:
// Work factor 6 means 2^6 key-expansion rounds; raise it for production use.
string salt = BCryptHelper.GenerateSalt(6);
// The returned string carries the version, work factor, salt and hash together.
var hashedPassword = BCryptHelper.HashPassword("password", salt);
// CheckPassword reads the salt and work factor back out of hashedPassword.
Console.WriteLine(BCryptHelper.CheckPassword("password", hashedPassword));
As you increase the work factor you’ll see the program take exponentially more time (each step roughly doubles it). This is a minuscule nuisance to our end user, but a real wrench in the machine for the hackers.
NOTE: The library doesn’t tell you this, but your work factor must be within 4 and 31 (inclusive).
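A fuller version of the snippet above, added here as an example; it is not code from the original post or from the BCrypt.Net project. It assumes the same NuGet package and namespace, so BCryptHelper.GenerateSalt, HashPassword and CheckPassword are the library’s real methods, while PasswordStorage, Hash, Verify and CalibrateWorkFactor are names chosen for this example. It enforces the 4 to 31 range before calling the library, and times successive work factors so you can pick the largest one that fits your login latency budget instead of hard-coding 6:

```csharp
using System;
using System.Diagnostics;
using DevOne.Security.Cryptography.BCrypt;

// Added example: wraps the BCrypt.Net calls shown in the post with an
// explicit range check and a simple calibration loop. PasswordStorage,
// Hash, Verify and CalibrateWorkFactor are names chosen for this example.
public static class PasswordStorage
{
    // bcrypt accepts a work factor (log2 of the round count) from 4 to 31 only.
    public const int MinWorkFactor = 4;
    public const int MaxWorkFactor = 31;

    // Hash a password, rejecting out-of-range work factors before the library sees them.
    public static string Hash(string password, int workFactor)
    {
        if (workFactor < MinWorkFactor || workFactor > MaxWorkFactor)
        {
            throw new ArgumentOutOfRangeException("workFactor",
                "work factor must be between " + MinWorkFactor + " and " + MaxWorkFactor + " inclusive");
        }
        string salt = BCryptHelper.GenerateSalt(workFactor);
        // The returned string carries version, work factor, salt and hash together.
        return BCryptHelper.HashPassword(password, salt);
    }

    // Verify a login attempt; the salt and work factor are read back out of the stored string.
    public static bool Verify(string password, string storedHash)
    {
        return BCryptHelper.CheckPassword(password, storedHash);
    }

    // Returns the largest work factor whose single hash still fits in the budget.
    // Each step doubles the round count, so the measured time roughly doubles too.
    public static int CalibrateWorkFactor(TimeSpan budget, int start)
    {
        int chosen = start;
        for (int wf = start; wf <= MaxWorkFactor; wf++)
        {
            Stopwatch sw = Stopwatch.StartNew();
            Hash("calibration-only", wf);
            sw.Stop();
            Console.WriteLine("work factor " + wf + ": " + sw.ElapsedMilliseconds + " ms");
            if (sw.Elapsed > budget)
            {
                break;
            }
            chosen = wf;
        }
        return chosen;
    }

    public static void Main()
    {
        // Aim for roughly a quarter of a second per hash on this machine.
        int wf = CalibrateWorkFactor(TimeSpan.FromMilliseconds(250), 10);
        Console.WriteLine("chosen work factor: " + wf);

        string stored = Hash("correct horse battery staple", wf);
        Console.WriteLine(stored);
        Console.WriteLine(Verify("correct horse battery staple", stored));
        Console.WriteLine(Verify("not the password", stored));
    }
}
```

Run the calibration on the hardware that will actually serve logins, not on a developer laptop, and revisit the chosen value as that hardware gets faster; the stored strings record their own work factor, so old hashes keep verifying while new ones use the higher setting.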
How is the salt being saved? After all, the salt has to be stored somewhere in order to verify a password against the hash, correct? It’s stored together with the hash in one string. If you look at the source code of the library, you can see:
StringBuilder rs = new StringBuilder();
rs.Append("$2");                 // bcrypt identifier
if (minor >= 'a') {
    rs.Append(minor);            // version suffix, e.g. "$2a"
}
rs.Append('$');
if (rounds < 10) {
    rs.Append('0');              // work factor is always written as two digits
}
rs.Append(rounds);
rs.Append('$');
// The 16 salt bytes become 22 characters and the 23 hash bytes become 31,
// both in bcrypt's own base64 alphabet; the salt comes first.
rs.Append(EncodeBase64(saltBytes, saltBytes.Length));
rs.Append(EncodeBase64(hashed, (bf_crypt_ciphertext.Length * 4) - 1));
return rs.ToString();
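To see exactly which fields that code writes, here is a small parser for the stored string, added here as an example rather than taken from the post or the library. BcryptHash, Parse and CostRelativeTo are names chosen for this example, and the sample string is constructed to be syntactically valid, not the hash of any real password:

```csharp
using System;
using System.Linq;

// Added example, not code from the post or the BCrypt.Net library: splits a
// stored bcrypt string back into the fields the library's StringBuilder code
// writes, so you can see where the salt lives and audit the work factor.
public sealed class BcryptHash
{
    // bcrypt uses its own base64 alphabet (not the RFC 4648 one).
    private const string Alphabet =
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    public string Version { get; private set; }   // "2", "2a", ...
    public int WorkFactor { get; private set; }   // log2 of the round count
    public string Salt { get; private set; }      // 22 chars = 16 salt bytes
    public string Hash { get; private set; }      // 31 chars = 23 hash bytes

    public static BcryptHash Parse(string stored)
    {
        if (stored == null) throw new ArgumentNullException("stored");
        // Fields are '$'-delimited: "", version, rounds, salt+hash.
        string[] parts = stored.Split('$');
        if (parts.Length != 4 || parts[0].Length != 0)
            throw new FormatException("not a $2$/$2a$ bcrypt string");
        if (parts[1].Length < 1 || parts[1].Length > 2 || parts[1][0] != '2')
            throw new FormatException("unsupported bcrypt version: " + parts[1]);
        if (parts[2].Length != 2 || !parts[2].All(char.IsDigit))
            throw new FormatException("work factor must be two digits");
        int workFactor = int.Parse(parts[2]);
        if (workFactor < 4 || workFactor > 31)
            throw new FormatException("work factor out of range: " + workFactor);
        string body = parts[3];
        if (body.Length != 53 || !body.All(c => Alphabet.IndexOf(c) >= 0))
            throw new FormatException("salt+hash must be 53 bcrypt-base64 characters");
        return new BcryptHash
        {
            Version = parts[1],
            WorkFactor = workFactor,
            Salt = body.Substring(0, 22),
            Hash = body.Substring(22),
        };
    }

    // Relative cost of this hash versus a baseline work factor: each step of
    // the work factor doubles the number of key-expansion rounds.
    public double CostRelativeTo(int baselineWorkFactor)
    {
        return Math.Pow(2, WorkFactor - baselineWorkFactor);
    }

    public static void Main()
    {
        // Constructed sample: syntactically valid, not the hash of any real password.
        string sample = "$2a$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
        BcryptHash h = Parse(sample);
        Console.WriteLine("version:     " + h.Version);
        Console.WriteLine("work factor: " + h.WorkFactor);
        Console.WriteLine("salt:        " + h.Salt);
        Console.WriteLine("hash:        " + h.Hash);
        Console.WriteLine("cost vs 10:  " + h.CostRelativeTo(10) + "x");

        // A work factor below 4 is rejected, matching the library's own limits.
        try { Parse("$2a$03$" + sample.Substring(7)); }
        catch (FormatException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

A parser like this is handy on the defender’s side for auditing a users table: any row whose recorded work factor has fallen behind your current setting can be rehashed at that user’s next successful login, which is the only moment you hold the plaintext.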
Have fun, and please use BCrypt for your applications and websites. It’s safer!

I think you meant to say ‘It’s being appended to the hash.’ in the last paragraph.
Correct! Good catch, thanks for pointing it out.
Many thanks for your blog. So that I am clear, you only save the hashed password to your database, and not the salt too? When the user logs in again, you retrieve the hashed password and run the CheckPassword method?
Hi there. When you are using BCrypt, the salt is automatically appended to the hash and saved as a single value.
You can safely save this to a single column in your database and the salt will be there, and BCrypt will know where to look for it because it uses a delimiter to separate the hash from the salt.
Roland: just store the hash; it has the info you need to recreate the hash given the raw password text.