Improved password encryption using Bcrypt

Securing user passwords is an important part of any web application that provides an identity management service. When it comes to managing passwords, it's crucial to use the best practices and techniques available to minimize the chance of an attacker gaining access to them.

We have recently adopted the Bcrypt algorithm as a one-way digest for creating password hashes. Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher.

This algorithm aims to make it computationally infeasible for a professional attacker, even one using non-PC hardware (e.g. GPUs), to recover passwords from their hashes, because the hashing mechanism is intentionally very slow.
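Bcrypt's slowness is tunable: each stored hash records a cost factor, and the expensive key setup runs 2^cost times. The following is an added example, not code from the original post. It parses a stored bcrypt string with the standard library only and flags hashes below a policy minimum so they can be recomputed at the next successful login. `MIN_COST`, the function names and the sample strings in the test are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# bcrypt modular crypt format: $<version>$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

MIN_COST = 12  # assumed site policy, not a value taken from the post


@dataclass(frozen=True)
class BcryptHash:
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def rounds(self) -> int:
        # The key-setup loop runs 2**cost times, so +1 cost doubles the work.
        return 1 << self.cost


def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields, rejecting anything else."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    return BcryptHash(m.group(1), cost, m.group(3), m.group(4))


def needs_rehash(stored: str, min_cost: int = MIN_COST) -> bool:
    """True when the stored value should be replaced at the next successful login."""
    try:
        return parse_bcrypt(stored).cost < min_cost
    except ValueError:
        # Legacy or malformed value (e.g. an unsalted digest): migrate it.
        return True
```

Raising `MIN_COST` later requires no bulk migration: each account is upgraded when its owner next logs in and the plaintext is briefly available to hash again.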
