Commit 1133c7504687c6affcf846bedee5fa83bf74cc8a
Added better documentation on cost factors.
git-svn-id: http://bcrypt-ruby.rubyforge.org/svn/trunk@38 b1e0f299-433e-4bb3-9895-84128a6cfb6acodahale committed on 6/16/2007, 12:33:42 AM
Parent: 62fc1729c7b2f9ad485afb1f4b948b89dad341b6
Files changed
| README | changed |
| README | ||
|---|---|---|
| @@ -90,8 +90,10 @@ | ||
| 90 | 90 | == How bcrypt() works |
| 91 | 91 | |
| 92 | 92 | bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project. |
| 93 | 93 | |
| 94 | +=== Background | |
| 95 | + | |
| 94 | 96 | Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it. |
| 95 | 97 | Because this process is not reversible, there's no way to go from the hash back to the password. |
| 96 | 98 | |
| 97 | 99 | In other words: |
| @@ -101,13 +103,17 @@ | ||
| 101 | 103 | You can store the hash and check it against a hash made of a potentially valid password: |
| 102 | 104 | |
| 103 | 105 | <unique gibberish> =? hash(just_entered_password) |
| 104 | 106 | |
| 107 | +=== Rainbow Tables | |
| 108 | + | |
| 105 | 109 | But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the |
| 106 | 110 | results in a big database, and then look up the passwords by their hash: |
| 107 | 111 | |
| 108 | 112 | PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1" |
| 109 | 113 | |
| 114 | +=== Salts | |
| 115 | + | |
| 110 | 116 | The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed: |
| 111 | 117 | |
| 112 | 118 | hash(salt + p) #=> <really unique gibberish> |
| 113 | 119 | |
| @@ -136,11 +142,19 @@ | ||
| 136 | 142 | |
| 137 | 143 | If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only |
| 138 | 144 | ~450 passwords a second with bcrypt(). |
| 139 | 145 | |
| 146 | +=== Cost Factors | |
| 147 | + | |
| 140 | 148 | In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old |
| 141 | 149 | passwords will still work fine, but new passwords can keep up with the times. |
| 142 | 150 | |
| 151 | +The default cost factor used by bcrypt-ruby is 10, which is fine for session-based authentication. If you are using a | |
| 152 | +stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your | |
| 153 | +server load and keep your request times down. This will lower the security provided you, but there are few alternatives. | |
| 154 | + | |
| 155 | +== More Information | |
| 156 | + | |
| 143 | 157 | bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating |
| 144 | 158 | system available. |
| 145 | 159 | |
| 146 | 160 | |
Built with git-ssb-web