BCRYPT - Why doesn't the Linux Distributions use it by default?


Solution 1

A couple of reasons:

  1. The BCrypt-based scheme isn't NIST approved.

  2. Hash functions are designed for this kind of usage, whereas Blowfish wasn't.

  3. The added security in BCrypt is based on it being computationally expensive, rather than the type of algorithm. Relying on computationally expensive operations isn't good for long-term security.

See http://en.wikipedia.org/wiki/Crypt_%28Unix%29 for some discussion on this.

Solution 2

OpenSUSE 11.4 (at least) does use Bcrypt by default.

Solution 3

Ulrich Drepper, the glibc maintainer, rejected bcrypt support since it isn't approved by NIST. See the details in the article "bcrypt support for passwords in /etc/shadow".

And his article on his homepage, "Unix crypt with SHA-256/512".

Author: LanceBaynes

Updated on September 18, 2022

Comments

  • Geoff
    Geoff about 13 years
    Being computationally expensive is exactly why bcrypt is used for this application.
  • xenoterracide
    xenoterracide about 13 years
    @rob 4. bcrypt adds a dependency that isn't otherwise there, where sha1 and sha2 are part of glibc
  • Rob
    Rob about 13 years
    What I said in point 3.
  • Geoff
    Geoff about 13 years
    Sorry, I'll be more clear. Being computationally expensive, plus having a configurable number of rounds, is exactly why this is a good scheme for long-term security. It allows the cost of checking the hash to increase as hardware gets faster. The original paper describing bcrypt was actually titled "A Future-Adaptable Password Scheme" (usenix.org/events/usenix99/provos/provos_html)
  • Rob
    Rob about 13 years
    @pdo I don't consider the ability to increase the number of rounds to negate point 3. It may be that additional rounds cancel each other out in some way w.r.t. future cryptoanalytic attacks on the underlying algorithm.
  • Geoff
    Geoff about 13 years
    @Rob All things being equal, a hashing scheme that is more computationally expensive is better than one that is less expensive. It means you have to spend longer to hash each candidate password when brute-forcing the keyspace. If you know of a better attack against Blowfish (as used in bcrypt) than the rest of the world, please let somebody know :)
  • Geoff
    Geoff over 12 years
    @TechZilla I'm not arguing it should be the default, only pointing out the characteristic that makes it a good password hash mechanism.
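
Added example (not part of any answer or comment above): the configurable work factor discussed in the thread is stored in the hash string itself, so it can be read back from `/etc/shadow` and checked against a policy. This sketch parses the crypt(3) modular format for bcrypt, SHA-crypt and MD5-crypt; the policy minimums and the sample entries are constructed assumptions, and the salts and digests are filler rather than real hashes.

```python
import re

# crypt(3) modular format: $id$[rounds=N$]salt$hash; bcrypt: $2b$<cost>$<salt+hash>
BCRYPT = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$[./A-Za-z0-9]{53}$")
SHACRYPT = re.compile(
    r"^\$([56])\$(?:rounds=(\d+)\$)?[./A-Za-z0-9]{0,16}\$[./A-Za-z0-9]+$")
SHA_DEFAULT_ROUNDS = 5000  # SHA-crypt default when no rounds= parameter is stored

def work_factor(field):
    """Return (scheme, iterations, tunable) for one shadow hash field, or None."""
    m = BCRYPT.match(field)
    if m:
        return "bcrypt", 2 ** int(m.group(2)), True  # cost is a log2 exponent
    m = SHACRYPT.match(field)
    if m:
        name = "sha256crypt" if m.group(1) == "5" else "sha512crypt"
        rounds = int(m.group(2)) if m.group(2) else SHA_DEFAULT_ROUNDS
        # The SHA-crypt specification clamps rounds to [1000, 999999999].
        return name, min(max(rounds, 1000), 999_999_999), True
    if field.startswith("$1$"):
        return "md5crypt", 1000, False  # iteration count is fixed
    return None  # locked ("!", "*"), empty, or unrecognised

def audit(shadow_text, policy):
    """List (user, scheme, iterations) for entries below the per-scheme minimum.

    Iteration counts are not comparable across schemes, so the policy is keyed
    by scheme; a scheme missing from the policy is always reported.
    """
    weak = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        info = work_factor(parts[1]) if len(parts) > 1 else None
        if info is None:
            continue
        minimum = policy.get(info[0])
        if minimum is None or info[1] < minimum:
            weak.append((parts[0], info[0], info[1]))
    return weak

# Constructed sample entries (filler salts and digests, not real hashes).
SAMPLE = "\n".join([
    "alice:$2b$12$" + "A" * 53 + ":19000:0:99999:7:::",
    "bob:$6$saltsalt$" + "B" * 86 + ":19000:0:99999:7:::",
    "carol:$6$rounds=200000$saltsalt$" + "C" * 86 + ":19000:0:99999:7:::",
    "dave:$1$saltsalt$" + "D" * 22 + ":19000:0:99999:7:::",
    "svc:!:19000:0:99999:7:::",
])
POLICY = {"bcrypt": 2 ** 12, "sha512crypt": 100_000}  # assumed minimums

if __name__ == "__main__":
    for row in audit(SAMPLE, POLICY):
        print(row)
```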