From my understanding BCrypt truncates the password to 72 bytes. If a password i

Question

From my understanding BCrypt truncates the password to 72 bytes. If a password is longer than 72 bytes, what is a way to store that password using bcrypt securely without compromising it? Or is this incorrect and we should just let bcrypt truncate it?

The reason why I ask is that I've seen some implementations where they SHA-256 the password first then enter it into BCrypt (e.g. PassLib bcrypt_sha256). However the SHA-256 output is a 32 byte digest. If the original password before the SHA-256 was longer than 32 bytes doesn't hashing it with SHA-256 compromise bcrypt by shortening it to 32 bytes?

If that is the case with SHA-256 would SHA-512 be a more secure option with 64 bytes?

I've seen in some places like Wikipedia and SE Cryptography where they say 56 bytes is the max password byte length. What password byte length is optimal for bcrypt passwords if it isn't 72 bytes?

If that is the case, then with passwords less than the optimal byte length is it better to hash them to a longer byte length?

Explanation / Answer

Hashing a password does not necessarily weakens the password.

What is more important in this case is the collision resistance of the hash algorithm. As long as the collision resistance is given a hash values used is enough to get a high security.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.