undefined | Better HN

0 pointstaurknaut1y ago0 comments

> but they wanted a hash function with unlimited input size

I'm kind of baffled how they came to use bcrypt for this. Bcrypt is not exactly subtle about only supporting 72 bytes of input. And this is at a company who provides auth as a service; I've got to imagine they had multiple engineers who knew this (I guess not working on that code). Hell, I know this and I've only used bcrypt twice and I'm nowhere near a security/crypto guy.

0 comments

bufferoverflow1y ago

BCrypt should loudly fail if more than 72 bytes are sent to its input.

taurknautOP1y ago

Maybe it should. Discarding the rest of the bytes works fine for passwords, though. I guess that's just not sufficient.

pclmulqdq1y ago

In my book, discarding entropy is a generally dumb thing to do. Passwords are usually under 72 chars, but a lot of people use concatenations of usernames and passwords in their hash to get guaranteed domain separation between users.

j / k navigate · click thread line to collapse