Bcrypt at 25

published on 2023/05/29

Before delving deeper into bcrypt and secure password hashing, let me explain why secure password hashing matters. In the past, the theft of password databases from compromised systems was a common problem. With the introduction of crypt, passwords were no longer stored in plaintext. To learn the password for an account from an encrypted password dump, it was necessary to guess at a potential password, hash it and then compare it against the encrypted password database. To nobody’s surprise, humans were, and still are, predictable in their password choices. Consequently, various tools emerged to guess common passwords and compare them with the hashed passwords in the user database. These tools typically employ a combination of dictionary attacks, brute force and other techniques to guess potential passwords and check them against stored hashes (Bonneau, 2012). John the Ripper, L0phtCrack, Hashcat, and Hydra are some popular examples of password cracking tools.
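The guess-hash-compare loop described above is exactly what a password store has to make expensive. The following is an added example, not code from the original post: it shows a salted hash with a tunable cost parameter and a constant-time check, the three properties bcrypt was built around. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt (whose Python binding is a third-party package); the record format `algorithm$iterations$salt$digest`, the function names and the sample passwords are all constructed for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example, not code from the original post. PBKDF2-HMAC-SHA256
# from the standard library stands in for bcrypt; the structure is the same
# idea: a random per-user salt, a tunable cost parameter stored alongside the
# digest, and a constant-time comparison at verification time.

DEFAULT_ITERATIONS = 100_000  # cost parameter; raise it as hardware gets faster


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = os.urandom(16)  # a fresh salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and cost, then compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """A bare digest with no salt and no cost: what salted, slow hashing improves on.
    Two users with the same password get the same value, so one precomputed table
    serves every account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def iterations_of(record: str) -> int:
    """Read the cost parameter back from a stored record, so old records can be
    detected and re-hashed at the next successful login."""
    return int(record.split("$")[1])


if __name__ == "__main__":
    # Two users who happen to pick the same (constructed) password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("unsalted digests identical:", unsalted_hash("correct horse") == unsalted_hash("correct horse"))
    print("salted records identical:  ", alice == bob)  # False: the salt differs per user
    print("alice verifies:            ", verify_password("correct horse", alice))
    print("wrong password verifies:   ", verify_password("correct horsE", alice))
    print("stored cost parameter:     ", iterations_of(alice))
```

Storing the cost parameter in the record is what lets a deployment raise it later without locking anyone out: `verify_password` honours whatever cost the record was written with, and `iterations_of` tells you which records still need migrating.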
