Introduction
In today's digital world, passwords play a crucial role in protecting personal privacy and information security. Passwords are the most commonly used means of authentication because they are simple yet effective. Password security is the cornerstone of cybersecurity and plays a fundamental role in safeguarding the information security of individuals and organizations. However, with the increasing frequency and complexity of cyberattacks, traditional password hashing algorithms like MD5 and SHA series have proven to be inadequate against modern security threats. Therefore, using strong passwords and effective password management strategies has become increasingly important. This is where bcrypt comes into play. bcrypt is a secure and flexible password hashing algorithm that can withstand various attacks and ensure the security of user data.
Common password storage methods
Plain text storage
Plain text storage refers to storing passwords directly in the database without any encryption. The flaw with this method is that if the database is compromised, attackers can immediately obtain all users' passwords. This is the most insecure storage method and should never be used in any project.
Basic hash storage
Refers to storing passwords after processing them through a hash function, such as MD5 or SHA-1. The flaw is that the resulting hash is the same every time for the same password, making it susceptible to attackers using rainbow tables (precomputed hash value lists) to reverse lookup passwords. Furthermore, these hash algorithms have fast computation speeds, making brute-force attacks feasible.
Salted hash storage
To address the drawbacks of basic hashing, a unique salt(random value) can be generated for each password, which is then combined with the password before hashing. The flaw is that although salting can resist rainbow table attacks, if a fast hash function is used (such as SHA-256), it can still be susceptible to brute-force attacks and dictionary attacks.
Adaptive hash algorithms
Adaptive hash algorithms(such as bcrypt, PBKDF2, and Argon2) are designed with consideration for computation time and can adjust the consumption of computational resources to counter brute-force attacks. The flaw is that if not properly configured(such as setting a low work factor), they can still be vulnerable to attacks.
Password encryption storage
Encrypting passwords using symmetric or asymmetric encryption algorithms and storing the encrypted values. The flaw is the need to securely store the encryption keys. If the keys are compromised, it is equivalent to the passwords being leaked in plaintext.
Hardware Security Module(HSM) storage
Using dedicated secure hardware, such as an HSM, to handle and store passwords. The flaw is that while it is very secure, it comes with higher costs and may lack scalability and flexibility.
Each password storage method has its pros and cons, but the best practice is to use adaptive hash algorithms specifically designed for password storage. These algorithms provide automatic management of salts and the ability to adjust the computational strength, thereby defending against various attack methods. The most representative algorithm in this regard is bcrypt. Next, let's delve into bcrypt in more detail.
The origin and design of the bcrypt algorithm
bcrypt was designed to protect passwords stored in databases from attacks. It was developed in 1999 by Niels Provos and David Mazières. It is based on the Blowfish cipher algorithm and utilizes "salts" to protect passwords from rainbow table attacks.
The initial purpose of bcrypt was to provide a more powerful and reliable password hashing approach to prevent common password attacks such as brute-force and rainbow table attacks. To achieve this goal, bcrypt incorporates several innovative design concepts, including:
- Strong hash function based on Blowfish: The core of the bcrypt algorithm is a hash function based on the Blowfish cipher algorithm, which provides high collision resistance and resistance against precomputed attacks.
- Adaptive work factor: bcrypt introduces an "adaptive" work factor that allows adjusting the complexity of the hashing based on actual needs, maintaining high security within a reasonable time frame.
- Salt value: bcrypt employs the use of salt values, where a unique random string is added to each password, increasing the difficulty of cracking and preventing rainbow table attacks.
- Resistance against parallel computation: bcrypt strictly controls memory access to prevent accelerated cracking using parallel computation techniques.
- Ease of use: bcrypt is easy to implement and can be used on multiple platforms.
Overall, the bcrypt algorithm was designed to provide a robust and secure password hashing solution with various defense mechanisms against common password attacks.
The working principle of bcrypt
The workflow of bcrypt is as follows:
Generating a salt
When hashing a password, bcrypt first generates a random salt. The salt is a sufficiently long random number, typically 128 bits (16 bytes). The purpose of the salt is to ensure that the result of hashing the same password is different each time.
Setting the work factor
The work factor (also known as the cost factor) determines the complexity of the hashing computation. The higher the work factor, the more time and resources are required for the hash calculation. The work factor is essentially an exponent that represents the number of iterations in the main loop as a power of 2. For example, a work factor of 12 means 2^12 (4096) iterations.
Combining the password and salt
The password is combined with the salt to ensure that even the same password produces different results.
Key stretching
bcrypt uses the Blowfish algorithm to perform multiple rounds of encryption on the password and salt. This process is called key stretching, where a fixed text, usually is OrpheanBeholderScryDoubt, is repeatedly encrypted. The purpose is to increase the computational cost of password hashing and resist brute-force attacks.
Generating the hash value
After multiple iterations, a fixed-length hash value is generated, which is the stored value in the database for password verification.
Password verification
When a user attempts to log in, the stored hash value is retrieved from the database, and the user's input password is hashed using the same parameters. If the resulting hash matches the stored hash, the password is considered valid.
Through this process, bcrypt can effectively protect passwords, even in the event of a database breach. Due to the complexity and uniqueness of the hash, cracking the passwords becomes extremely difficult.
Using bcrypt in Golang
The crypto/bcrypt package in Golang provides an implementation of the bcrypt algorithm. Here is an example of how to use it:
import (
"golang.org/x/crypto/bcrypt"
"fmt"
)
func main() {
password := "myPassword123"
// Generate a salt
salt, err := bcrypt.GenerateSalt(10)
if err != nil {
fmt.Println("Error generating salt:", err)
return
}
// Hash the password with the salt
hashedPassword, err := bcrypt.Hash(password, salt)
if err != nil {
fmt.Println("Error hashing password:", err)
return
}
// Store the hashed password and salt in the database
// Check if a given password matches the stored hashed password
err = bcrypt.CompareHashAndPassword(hashedPassword, password)
if err != nil {
fmt.Println("Passwords do not match")
return
}
fmt.Println("Passwords match")
}In this example, we generate a salt using bcrypt.GenerateSalt function. Then, we hash the password with the generated salt using bcrypt.Hash function. The resulting hashed password can be stored in the database. Later, when verifying a password, we use bcrypt.CompareHashAndPassword function to check if the given password matches the stored hashed password.
Summary
bcrypt is a hash function specifically designed for password storage. By combining salt values, work factors, and the Blowfish algorithm, it effectively defends against rainbow table attacks and brute-force cracking. Over time, the work factor can be adjusted to adapt to new threat models.
