Reasoning for hashing password before bcrypting?

Question

Reasoning for hashing password before bcrypting?

danielcompton opened this issue 8 years ago · 6 comments

It could be good to add some explanation in the docs for why passwords are hashed before being encrypted. I found https://security.stackexchange.com/questions/6623/pre-hash-password-before-applying-bcrypt-to-avoid-restricting-password-length, is there other literature on this?
https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length
http://stackoverflow.com/questions/16594613/how-to-hash-long-passwords-72-characters-with-blowfish/16597402#16597402

This seems to suggest it might not be a good idea? http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html, http://stackoverflow.com/questions/16891729/best-practices-salting-peppering-passwords/16896216#16896216

Either way, it could be good to document this decision.

Answer 1 · 2017-04-26T18:25:16.000Z

The main reason is the password length, and this technique is used by many well known and security audited frameworks (django framework is a great example). Is not an isolated random decision.

Additionally, the problem that you are commenting about the bad idea of hash before bcrypt it is very dependent of the bcrypt implementation. The bcrypt implementation that I'm using on buddy is not affected by that weird behavior.

I'm open to add a little not about the reason of using the combination of hash+bcrypt.

Answer 2 · 2017-04-26T18:52:25.000Z

There were two concerns, the specific PHP one was pretty weird and I agree not an issue here. However the more general point was that combining crypto algorithms can non-obviously make them weaker, so having a note with justification for why this is safe would be a good addition.

Answer 3 · 2017-04-26T19:32:16.000Z

Agree, Can you make a proposal of that note?

Answer 4 · 2017-12-09T18:11:30.000Z

I came here because I also wanted an explanation about the choice of algorithm. It would be nice if the note included which other frameworks this technique is used by.

Answer 5 · 2017-12-10T10:53:44.000Z

As i have said previously, I used the same technique that django uses, and i have used the same approach (more on this: https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#using-bcrypt-with-django). Additionaly, i'm using a bcrypt implementation that uses binary data instead of just plain characters, so it is not affected by the problem described here https://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html

And, in any case, if you are not convinced about this approach, the toolkit is very extensible, so implementing a raw bcrypt is very easy. In fact the PR is welcome for that if someone consider having raw bcrypt useful.

Answer 6 · 2020-10-23T13:16:25.000Z

Close for inactivity.