bcrypt icon indicating copy to clipboard operation
bcrypt copied to clipboard

Published 20 hours ago verified publisher icon pyca

Add footnote warning to hashing a hash

Open fwdekker opened this issue 3 years ago • 3 comments

It's generally not recommended to use bcrypt on top of another hashing algorithm. While doing it over sha256 is obviously not as bad as doing it over md5, I think it's important to note in the README that OWASP recommends against the practice.

fwdekker avatar Sep 13 '22 20:09 fwdekker

Sure it is. “Hash shucking” remains an issue, and the differences in collision resistance and output size aren’t relevant to this application.

You're absolutely right!

How about recommending pre-hashing with HMAC as a keyed hash instead? Or just bcrypt.kdf?

I've removed the mention of the DDoS attack, replaced sha256 with bcrypt_pbkdf, and adjusted the explanation of why using an unkeyed hash function is not a good idea. What do you think?

I don't have a lot of experience with bcrypt_pbkdf, so I just copied the parameters from the kdf part of the README. Do you think those parameters are readable?

fwdekker avatar Sep 14 '22 14:09 fwdekker

https://flak.tedunangst.com/post/new-openssh-key-format-and-bcrypt-pbkdf has some information about choosing parameters for bcrypt_pbkdf. I've fixed CircleCI so if you push a new commit here CI should pass now and we can get it reviewed 😄

reaperhulk avatar Sep 14 '22 14:09 reaperhulk

closing/reopening to trigger CI

reaperhulk avatar Sep 23 '22 13:09 reaperhulk