How does bcrypt handle Moore's law?

Question

How does bcrypt handle Moore's law?

I saw recommendations for using bcrypt for hash passwords because of its ability to keep up with Moore's law.

Apparently, the reason for this is because it would take an attacker much longer to crack bcrypt hashes than the hash generated by a general-purpose hash function such as SHA256.

How is this possible? How can an algorithm be intentionally slow despite Moore's law?

+5

security passwords bcrypt hash

Henry Z Sep 17 '11 at 7:31

source share

2 answers

Thomas pornin · Answer 1 · 2011-09-17T14:02:46+0000

bcrypt is configured with the parameter "coefficient of work". Inside, he will perform a hash-like operation many times in a row. "Many" is the part that can be customized, up to several billion. So, to cope with Moore’s law, just collapse this setting. Another function that can be done as slowly as required is PBKDF2 (see the Iteration Count option).

Please note that the point of slow password hashing is to make things difficult for an attacker, but also mechanically slows down work for "honest systems"; what a compromise. See details (at security.stackexchange).

Ian Boyd · Answer 2 · 2012-10-09T13:32:48+0000

216 553 .

12 , 887 001 088 (2 ²⁹) .

BCrypt 4,342,912 (.. 2 ²²) ( = 12).

2 ³¹ /; 8 = 2 ³ 2 ³ * 231 = 2 ³⁴ /. 4 , 2 ² * 2 ³⁴= 2 ³⁶ /. 2 ²² * 2 ²⁹ () = 2 ⁵¹ () .

, 4-, -, 2 ⁵¹/2 ³⁶= 2 ¹⁵ (9 ) .

44 . 2 ⁴⁴ * 2 ²² = 2 ⁶⁶ . 2 ⁶⁶/2 ³⁶ cycles/second = 2 ³⁰ (34 ), .

, 18 .

: 34 , .
1,5 : 17
3 : 8,5
4.5: 4.25
6 : 2.125
7,5 : 1
9 : 6
10.5 : 3
12 : 6
13,5 : 3
15 : 10
17.5 : 5
19 : 63
20,5 : 31 .

bcrypt .

12 13, .

How does bcrypt handle Moore's law?

More articles: