Specops Software, an Outpost24 company, have released new research about bcrypt-passwords – and how easy (or not) they are to crack. This research follows previously released data on how long it takes attackers to brute force MD5 hashed user passwords with the help of newer hardware.
Web-based services and websites store hashed versions of your passwords, which means your actual password isn’t visible or stored in their database; instead, a string of fixed-length characters is stored. Hashing is a security technique used to secure your passwords or texts stored in databases. A hash function is used to generate a string of…
Hello all, I’m working on a personal application and I’ve been leveraging bcrypt for password hashing. I’m using the bcrypt.hashpw and bcrypt.checkpw functions. I was also reading that there are some attacks with very long passwords, so I’m first encoding and then hashing the passwords before I run them through bcrypt. For hashing the password: bcrypt.hashpw(base64.b64encode(hashlib.sha256(password.encode('utf-8')).digest()), bcrypt.gensalt(14))
Password hash comparisons should not be conducted within your business logic. Current hashing algorithms such as bcrypt make this very hard to avoid.
This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.