LinuxCommandLibrary

bcrypt

Generate password hashes

SYNOPSIS

bcrypt [-c cost] [-s salt] password

PARAMETERS

-c cost, --cost cost
    Sets the algorithmic cost factor (also known as 'work factor' or 'rounds'). This integer value determines the computational difficulty. A higher cost increases the time required to compute the hash, making brute-force attacks exponentially more difficult. The default value is typically between 10 and 12, depending on the implementation.

-s salt, --salt salt
    Allows specifying a custom 16-byte salt to use for hashing. If not provided, a cryptographically secure random salt is generated automatically. It is highly recommended to let the system generate a random salt for maximum security.

password
    The plaintext password string to be hashed. If not provided on the command line, some implementations may read the password interactively from standard input to prevent it from appearing in shell history.

-h, --help
    Displays a brief help message and exits, showing usage instructions and available options.

DESCRIPTION

Bcrypt is a password-hashing function designed by Niels Provos and David Mazières in 1999. It is based on the Blowfish cipher and features an adaptive "cost factor" that makes it resilient against brute-force attacks by allowing the computational cost of hashing to be increased over time, keeping pace with improvements in hardware. Unlike simpler hashing algorithms like MD5 or SHA-1, bcrypt is specifically designed to be slow and resource-intensive, making it unsuitable for general data hashing but ideal for securing passwords. It also incorporates a unique salt for each hash to protect against rainbow table attacks and ensure that identical passwords produce different hashes, significantly enhancing security.

CAVEATS

The bcrypt command, specifically for generating password hashes from the command line, is not a standard, universally available utility on most Linux distributions. Password hashing using the bcrypt algorithm is typically performed via:
1. The mkpasswd command: often available as mkpasswd -m bcrypt (part of the whois or expect packages).
2. Programming language libraries: Most languages (Python, Node.js, Ruby, PHP, Go, etc.) have robust bcrypt libraries used by applications.
3. Web server tools: For example, htpasswd -B for Apache to generate bcrypt-hashed passwords for .htpasswd files.
The OpenBSD bcrypt command (sometimes ported to Linux) is primarily used for file encryption, not password hashing for system accounts. The description above refers to the conceptual use of a bcrypt command for password hashing, reflecting how the algorithm is typically accessed through command-line interfaces or libraries.

COST FACTOR EXPLANATION

The cost factor (often denoted as 'rounds' or 'work factor') determines the number of iterations bcrypt performs. A cost factor of N means the algorithm performs 2N iterations. Increasing the cost by 1 doubles the time it takes to compute the hash. This adaptive nature is crucial for future-proofing password storage against increasing computational power. Security recommendations for the cost factor evolve, but a common starting point for new applications is 10-12, adjusted based on hardware and latency requirements.

SALTING

Bcrypt automatically incorporates a randomly generated salt into each hash, unless a custom salt is explicitly provided. This salt is unique for every password, even if two users choose the same plaintext password. It prevents attackers from pre-computing hashes in rainbow tables and from detecting duplicate passwords across a database. The salt is typically stored as part of the bcrypt hash string itself, alongside the cost factor and the resulting hash.

HISTORY

Bcrypt was designed by Niels Provos and David Mazières in 1999 and presented at USENIX. It was initially integrated into OpenBSD's adduser utility. Its key innovation was the adaptive cost factor, allowing its computational difficulty to scale with increasing hardware power, a significant improvement over static hashing algorithms like MD5 and SHA-1 which quickly became vulnerable to brute-force attacks. Its design for password hashing made it a strong recommendation by security experts and it has since been widely adopted across various applications and frameworks for secure password storage.

SEE ALSO

mkpasswd(1), passwd(1), openssl(1), crypt(3)

Copied to clipboard