Alex Vandiver authored
A SHA-512 with a 16-character salt, drawn from 64 possible characters, yields 2^96 possible salts. While this makes rainbow tables unrealistic given modern hardware (the failure mode of RT 3.8's MD5 hashing), it does very little to deter against offline brute force attacks on the database. Specifically, given the complete hashed password and salt from the database, a dictionary of weak passwords can be hashed with the stored salt to attempt to find matches. Given that a single round of the SHA-512 hash is not designed to be computationally expensive, possible passwords may be hashed and checked very quickly.

The bcrypt hashing function is designed to be computationally expensive to mitigate these types of attacks. For instance, on a development laptop:

               Rate   bcrypt  sha-512
    bcrypt   3.34/s       --    -100%
    sha-512 36850/s 1102153%       --

That is, bcrypt is four orders of magnitude slower to compute, thus notably increasing the computational cost of brute-forcing passwords.

bcrypt also includes a tuning parameter, the number of "rounds" to run, which allows the same algorithm to increase the computational cost required as computers continue to grow faster. We use the standard value of 10 here, but allow for higher values to be used later.
b0e494c6
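
The point about allowing higher round counts later can be shown with a sketch in which the cost is stored beside the salt, so old hashes still verify and can be upgraded at the next successful login. This is an added example, not code from this commit or from RT. It assumes the CPAN module Crypt::Eksblowfish::Bcrypt and a Unix `/dev/urandom`; the `bcrypt$<cost>$<salt>$<hash>` storage format, the function names and the sample passwords are constructed for illustration.

```perl
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt_hash en_base64 de_base64);
use Digest::SHA qw(sha512);
use Encode qw(encode);
use Time::HiRes qw(time);

# Constructed storage format for this example: bcrypt$<cost>$<salt>$<hash>
sub hash_password {
    my ($password, $cost, $salt) = @_;
    unless (defined $salt) {    # fresh 16-byte salt for every new hash
        open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
        read($fh, $salt, 16) == 16 or die "short read from urandom";
    }
    # Pre-hash (this example's choice) so input fits bcrypt's 72-byte key limit.
    my $raw = bcrypt_hash({ key_nul => 1, cost => $cost, salt => $salt },
                          sha512(encode('UTF-8', $password)));
    return join '$', 'bcrypt', sprintf('%02d', $cost),
                en_base64($salt), en_base64($raw);
}

sub ct_eq {    # compare without exiting early at the first differing byte
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns (password_ok, needs_rehash); the cost and salt come from the stored value.
sub verify_password {
    my ($password, $stored, $want_cost) = @_;
    my ($scheme, $cost, $salt64, $hash64) = split /\$/, $stored;
    return (0, 0) unless defined $hash64 && $scheme eq 'bcrypt' && $cost =~ /^\d\d$/;
    my $ok = ct_eq(hash_password($password, $cost + 0, de_base64($salt64)), $stored);
    return ($ok, $ok && $cost < $want_cost ? 1 : 0);
}

my $stored = hash_password('correct horse', 10);    # constructed sample password
my ($ok, $rehash) = verify_password('correct horse', $stored, 12);
print "stored=$stored ok=$ok needs_rehash=$rehash\n";
$stored = hash_password('correct horse', 12) if $ok && $rehash;    # upgrade at login
printf "wrong password ok=%d\n", (verify_password('hunter2', $stored, 12))[0];

for my $cost (10, 12) {    # each +1 in cost doubles the work per guess
    my $t0 = time();
    hash_password('x', $cost);
    printf "cost %d: %.2fs per hash\n", $cost, time() - $t0;
}
```

Because the rehash needs the plaintext, a cost increase only reaches an account when its user next logs in; hashes for dormant accounts stay at the old cost until then.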