Cryptography
bcrypt
Also known as: EksBlowfish hash, Provos-Mazières bcrypt
Definition
An adaptive password-hashing function based on the Blowfish cipher with a tunable cost factor, designed by Provos and Mazières in 1999.
Examples
- Django and Spring Security store user passwords with bcrypt at cost 12 by default.
- A typical bcrypt hash starts with $2b$12$ followed by a 22-character salt and 31-character digest.
Related terms
Key Derivation Function (KDF)
A cryptographic function that derives one or more strong cryptographic keys from a secret input such as a password, shared secret or master key.
Argon2
A modern memory-hard password hashing function and KDF, winner of the 2015 Password Hashing Competition and specified in RFC 9106.
scrypt
A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies.
PBKDF2
A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt.
Salt
A unique random value combined with a password before hashing to defeat rainbow tables and ensure each user's hash is distinct.
Blowfish
A 64-bit-block, variable-key-length Feistel cipher designed by Bruce Schneier in 1993; secure cryptanalytically but limited by a small block size and superseded by AES.