Scribd
Upload
3 views11 pages

Password_Hashing_Best_Practices_Detailed

The document analyzes the strengths and weaknesses of bcrypt, scrypt, and PBKDF2 for securely storing user passwords and resisting brute-force attacks. It emphasizes the importance of password hashing to protect against database compromises and recommends using scrypt for maximum protection, with bcrypt as a good default and PBKDF2 for legacy support. The conclusion highlights the need for regular updates to hashing parameters to maintain security over time.

Uploaded by

winiforall
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
3 views11 pages

Password_Hashing_Best_Practices_Detailed

The document analyzes the strengths and weaknesses of bcrypt, scrypt, and PBKDF2 for securely storing user passwords and resisting brute-force attacks. It emphasizes the importance of password hashing to protect against database compromises and recommends using scrypt for maximum protection, with bcrypt as a good default and PBKDF2 for legacy support. The conclusion highlights the need for regular updates to hashing parameters to maintain security over time.

Uploaded by

winiforall
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 11

Password Hashing Best Practices

• Comparing bcrypt, scrypt, and PBKDF2


• Presented by: [Your Name]
Introduction
• Objective:
• To analyze the strengths and weaknesses of
bcrypt, scrypt, and PBKDF2 when used for
securely storing user passwords, especially in
resisting brute-force attacks.
Why Password Hashing Matters
• - Plaintext passwords are easily exploitable if
databases are compromised.
• - Hashing makes passwords unreadable, even
to system administrators.
• - Strong hashing algorithms with slow
computation times discourage attackers from
brute-forcing.
What is a Brute-force Attack?
• - An attack method where every possible
password is tried until the correct one is
found.
• - Faster hash functions make it easier for
attackers to attempt millions of guesses per
second.
• - Secure algorithms introduce computational
delays to slow down such attempts.
bcrypt Overview
• - Purpose-built for password hashing with a
focus on security.
• - Built-in salting mechanism to defend against
rainbow table attacks.
• - Cost factor (logarithmic) increases
computational time exponentially.

• Brute-force Resistance:
• - ✅ Highly resistant due to slow hashing speed.
scrypt Overview
• - Designed to be both CPU and memory
intensive.
• - Ideal for making brute-force attacks
expensive and slow, especially on parallel
systems like GPUs.
• - Parameters (N, r, p) can be tuned for desired
security level.

• Brute-force Resistance:
• - ✅ Very high due to memory hardness and
PBKDF2 Overview
• - A well-established key derivation function
defined in PKCS #5.
• - Widely supported in libraries and systems.
• - Customizable iteration count allows scaling
computation time.

• Brute-force Resistance:
• - ⚠️Moderate — depends on high iteration
counts.
Comparison Table
• Feature | bcrypt | scrypt |
PBKDF2
• ----------------------|---------------|------------------|--
------------
• Year Introduced | 1999 | 2009
| 2000
• Salt Support | Yes | Yes | Yes
• Memory-Hard | No | Yes |
No
• Adjustable Cost | Yes (2^n) | Yes (CPU,
Recommendation
• - Use scrypt for maximum protection in
modern systems.
• - bcrypt is a good default for web apps with
strong CPU-based protection.
• - PBKDF2 can be used where legacy support is
required but needs high iteration counts to be
secure.
Conclusion
• - Password hashing is critical for user data
protection.
• - The choice of algorithm should consider
resistance to brute-force and available system
resources.
• - Regular updates to parameters
(cost/iterations) ensure long-term security.
Questions
• Feel free to ask questions or request
clarification on any hashing algorithm.

You might also like