TL;DR
bcrypt is generally much better than using iterative SHA-256 (or other simple SHA hashes) for password storage. bcrypt includes a built-in salt and adaptive work factor, making it resistant to brute-force attacks even with fast hardware. Iterative SHA-x requires careful implementation of salting and iteration counts to achieve similar security, and is prone to errors.
1. Understanding Password Hashing
Password hashing isn’t about storing passwords directly; it’s about transforming them into a fixed-size string that’s difficult to reverse engineer. Even if someone gets access to your database, they shouldn’t be able to easily figure out the original passwords.
2. What is bcrypt?
bcrypt is a password hashing function designed specifically for this purpose. Key features:
- Salt: A random string added to each password before hashing. This prevents attackers from using pre-computed tables of common passwords (rainbow tables).
- Adaptive Work Factor: The amount of computational effort required to hash a password. You can increase this factor over time as hardware gets faster, making brute-force attacks more expensive.
bcrypt automatically handles salting and the work factor for you.
3. What is Iterative SHA-256 (or other SHA hashes)?
This involves repeatedly hashing a password with a salt using a function like SHA-256. The idea is to make brute-forcing harder by increasing the number of iterations. However, it’s more complex and error-prone than using bcrypt.
4. Why bcrypt is Better
- Security: bcrypt is specifically designed to be slow (to resist brute force) and includes built-in protections against common attacks.
- Simplicity: It’s easier to use correctly. You don’t need to worry about choosing a good salt length or iteration count.
- Adaptive: The work factor can be easily adjusted as hardware improves, maintaining security over time.
- Standard Library Support: bcrypt is widely available in programming languages and frameworks (e.g., Python’s
bcryptlibrary, PHP’spassword_hash()function).
5. Implementing bcrypt (Example – Python)
import bcrypt
password = b"mysecretpassword"
# Generate a salt and hash the password
hashed = bcrypt.hashpw(password, bcrypt.gensalt())
# Verify the password
if bcrypt.checkpw(password, hashed):
print("Password matches!")
else:
print("Password does not match.")6. Implementing Iterative SHA-256 (Example – Python)
Warning: This is for demonstration only. Using bcrypt is strongly recommended instead.
import hashlib
import os
def hash_password(password):
salt = os.urandom(16)
iterations = 100000 # Choose a high iteration count!
salted_password = salt + password
hashed_password = hashlib.sha256(salted_password).hexdigest()
for _ in range(iterations):
hashed_password = hashlib.sha256((hashed_password + salt).encode('utf-8')).hexdigest()
return salt.hex() + ':' + hashed_password
def verify_password(password, stored_hash):
salt_hex, hashed_password = stored_hash.split(':')
salt = bytes.fromhex(salt_hex)
salted_password = salt + password
iterations = 100000 # Must match the iteration count used during hashing!
hashed_input = hashlib.sha256(salted_password).hexdigest()
for _ in range(iterations):
hashed_input = hashlib.sha256((hashed_input + salt.hex()).encode('utf-8')).hexdigest()
return hashed_input == hashed_password
Important notes for iterative SHA-256:
- You must store the salt alongside the hash.
- The iteration count (
iterations) needs to be high enough to make brute-forcing slow, but not so high that it impacts application performance. A value of at least 100,000 is a good starting point, and you should increase this over time as hardware improves. - You must use the same iteration count when verifying the password as when hashing it.
7. Conclusion
While iterative SHA-256 can be made reasonably secure with careful implementation, bcrypt is a much simpler and safer option for most applications. It’s designed specifically for password hashing, handles salting and adaptive work factors automatically, and is widely supported.