Blog | G5 Cyber Security

BCrypt Password Hashing: Email as Salt?

TL;DR

Do not use a user’s email address as the salt for BCrypt. It looks convenient, but an email address is public, predictable and reused across systems, so it defeats the purpose of a salt: a proper salt is random and unique per stored password. This guide explains why, and shows the correct approach with the Python bcrypt package, whose gensalt() already generates the salt for you.

Why Email as Salt is Bad

Here’s why using an email address as a salt for BCrypt hashing is problematic:

  1. It is not random. An attacker knows the email address before any breach, so a dictionary for a targeted account can be precomputed in advance. A random salt cannot be known until the hash itself has been stolen.
  2. It is not unique per password. The same email and password produce the same hash on every system that uses this scheme, and again after every reset to the same password, so hashes can be correlated across breaches and over time without cracking anything.
  3. It is mutable. If the system derives the salt from the current email at login, a change of address breaks verification; if it instead keeps the salt inside the stored hash, the email was never doing anything a random salt would not do better.
  4. It is not even in the format BCrypt expects. BCrypt’s salt is 16 random bytes encoded as 22 characters of its own radix-64 alphabet, following the $2b$cost$ prefix. An email address would have to be transformed to fit, and the result would still be deterministic. bcrypt.gensalt() already produces a correct salt, so the shortcut saves nothing.

Secure Password Hashing with BCrypt

The correct approach is to let BCrypt generate a random salt for each password. BCrypt embeds that salt in the hash string it returns, so storing the hash string stores the salt as well; no separate salt column is needed.

Step-by-Step Guide (Python Example)

  1. Install the required library:
    
    pip install bcrypt
    
  2. Generate a random salt: BCrypt handles salt generation for you. bcrypt.gensalt() returns 16 random bytes encoded as 22 characters, prefixed with the algorithm version and cost factor (for example $2b$12$ followed by the 22 salt characters). You don’t need to create a salt manually, and you should not substitute a value of your own.
  3. Hash the password: use the bcrypt.hashpw() function. It combines the random salt with the password and returns a 60-character string that contains the version, cost factor, salt and digest.
    
    import bcrypt
    
    def hash_password(password: str) -> str:
        # Generate a fresh random salt and hash the password with it.
        # The returned string embeds the salt, so nothing else needs storing.
        hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
        return hashed.decode('utf-8')
    
  4. Store the hash: store the whole 60-character string in your database. Keep the user’s email address in its own column as an identifier; it plays no part in the hash.
  5. Verify the password: use the bcrypt.checkpw() function to compare the entered password with the stored hash. BCrypt reads the cost factor and salt back out of the stored string, recomputes the hash and compares the result in constant time, so the salt never has to be stored or looked up separately.
    
    def verify_password(password: str, hashed: str) -> bool:
        # Verify the password against the stored hash; the salt is read from the hash.
        return bcrypt.checkpw(password.encode('utf-8'), hashed.encode('utf-8'))
    
  6. Example usage:
    
    user_email = "test@example.com"
    plain_text_password = "mysecretpassword"
    
    # Hash the password
    hashed_password = hash_password(plain_text_password)
    print(f"Hashed Password for {user_email}: {hashed_password}")
    
    # Verify the password
    if verify_password(plain_text_password, hashed_password):
        print("Password verified!")
    else:
        print("Incorrect password.")
    
  7. Important considerations:
    - Cost factor: bcrypt.gensalt() defaults to 12 rounds, and each increment doubles the work. Choose the highest value your login latency allows and raise it over time; because the cost is stored in the hash, an old hash can be re-hashed at the user’s next successful login.
    - Password length: bcrypt uses at most the first 72 bytes of the password. Recent versions of the bcrypt package raise ValueError for longer input rather than silently truncating, so enforce a maximum length before calling hashpw().
    - Comparison: bcrypt.checkpw() performs a constant-time comparison. Do not compare hash strings yourself with ==.
    - Storage: store the string exactly as returned. Do not split off the salt into a second column, and never derive it from the email address; it is already inside the string.
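The procedure above, carried one step further as an added example (this is not code from the original post): the block parses a stored bcrypt string to show where the salt lives, re-implements what checkpw() does by re-extracting that salt, and contrasts gensalt() with a hypothetical "email as salt" scheme forced into bcrypt's salt slot. It assumes the bcrypt package is installed for the hashing functions (imported inside them so the parser and format helpers run without it). The sample hash string, the email address and the passwords are constructed for the demonstration, and email_derived_salt() is a reconstruction of how a developer would have to squeeze an email into bcrypt's 22-character salt, not an API of the library.

```python
"""bcrypt salt handling end to end: what a stored hash contains, how
verification recovers the salt from it, and why a salt derived from the
user's email is deterministic in a way a random salt is not.

Added example, not code from the original post. Assumptions: the bcrypt
package is installed for the hashing functions (imported lazily so the
parser works without it); email_derived_salt() is a hypothetical
reconstruction of an 'email as salt' scheme, not a library API."""
import hashlib
import hmac
import re

# bcrypt's own radix-64 alphabet (not the standard base64 ordering)
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# $version$cost$ + 22-char salt + 31-char digest -> 60 characters in total
_HASH_RE = re.compile(r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Constructed sample with the right shape; it is NOT the hash of any real password.
SAMPLE_HASH = "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"


def bcrypt_available() -> bool:
    """True if the bcrypt package can be imported (assumption for the hashing parts)."""
    try:
        import bcrypt  # noqa: F401
        return True
    except ImportError:
        return False


def parse_bcrypt_hash(stored: str) -> dict:
    """Split a stored bcrypt string into its fields. The salt is inside the
    string, which is why no separate salt column (and no email) is needed."""
    m = _HASH_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    return {
        "version": version,
        "cost": int(cost),
        "salt": salt,                # 22 chars = 128 random bits + 4 padding bits
        "digest": digest,
        "salt_prefix": stored[:29],  # everything hashpw() needs to recompute
    }


def hash_password(password: str, cost: int = 12) -> str:
    """Hash with a fresh random salt from gensalt(); reject over-long input
    instead of letting bcrypt truncate it at 72 bytes."""
    pw = password.encode("utf-8")
    if len(pw) > 72:
        raise ValueError("password longer than 72 bytes")
    import bcrypt
    return bcrypt.hashpw(pw, bcrypt.gensalt(rounds=cost)).decode("utf-8")


def verify_password(password: str, stored: str) -> bool:
    import bcrypt
    return bcrypt.checkpw(password.encode("utf-8"), stored.encode("utf-8"))


def verify_by_reextracting_salt(password: str, stored: str) -> bool:
    """What checkpw() does internally: feed the 29-char prefix (version, cost,
    salt) back in as the salt, recompute, and compare in constant time."""
    import bcrypt
    prefix = parse_bcrypt_hash(stored)["salt_prefix"].encode("utf-8")
    recomputed = bcrypt.hashpw(password.encode("utf-8"), prefix)
    return hmac.compare_digest(recomputed, stored.encode("utf-8"))


def email_derived_salt(email: str, cost: int = 12) -> bytes:
    """Hypothetical 'email as salt' scheme. bcrypt needs exactly 16 salt bytes
    in its own alphabet, so an address cannot be used verbatim; the closest one
    can get is to derive the bytes from it, which is deterministic and public."""
    raw = hashlib.sha256(email.strip().lower().encode("utf-8")).digest()[:16]
    bits = int.from_bytes(raw, "big") << 4  # 128 bits -> 132 = 22 * 6
    salt = "".join(BCRYPT_ALPHABET[(bits >> (6 * (21 - i))) & 0x3F] for i in range(22))
    return f"$2b${cost:02d}${salt}".encode("ascii")


def hash_with_email_salt(email: str, password: str) -> str:
    """The anti-pattern: same email + same password -> identical hash, everywhere, forever."""
    import bcrypt
    return bcrypt.hashpw(password.encode("utf-8"), email_derived_salt(email)).decode("utf-8")


def salts_are_independent(hashes: list) -> bool:
    """True if every stored hash carries a different salt (what gensalt() gives you)."""
    salts = [parse_bcrypt_hash(h)["salt"] for h in hashes]
    return len(set(salts)) == len(salts)


if __name__ == "__main__":
    email, password = "alice@example.com", "mysecretpassword"  # constructed
    good_a, good_b = hash_password(password), hash_password(password)
    print("random salts differ:", salts_are_independent([good_a, good_b]))
    print("both verify:", verify_password(password, good_a), verify_by_reextracting_salt(password, good_b))
    # Two unrelated services using the email scheme store the same string for
    # the same credentials: a breach of one discloses a match at the other.
    bad_a, bad_b = hash_with_email_salt(email, password), hash_with_email_salt(email, password)
    print("email-salted hashes identical:", bad_a == bad_b)
```

Run as a script, it shows two gensalt() hashes of the same password carrying different salts yet both verifying, while the email-salted hashes from two "services" are byte-identical: the property that lets an attacker match reused passwords across breaches without cracking them.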

In Summary

Never use user-provided data like email addresses directly as salts for password hashing. Always rely on BCrypt’s built-in salt generation and secure verification mechanisms.
