BCrypt vs PBKDF2: Password Hashing

TL;DR

Both BCrypt and PBKDF2-SHA256 are strong password hashing algorithms. BCrypt is generally easier to use correctly, automatically handles salting and work factor adjustment. PBKDF2 requires you to manage salts and iteration counts yourself but offers more flexibility.

1. Understanding Password Hashing

Password hashing isn’t about storing passwords directly. It’s about transforming them into a secure, one-way representation. Even if someone gets access to your database, they shouldn’t be able to easily get the original passwords back.

2. BCrypt: The Easier Option

1. How it Works: BCrypt combines a hashing function with salting and adaptive work factor (cost). Salting adds random data to each password before hashing, making rainbow table attacks much harder. Adaptive work factor increases the computational effort needed to hash passwords, slowing down attackers.
2. Implementation Example (Python):

   from bcrypt import gensalt, hashpw, checkpw
   
   pwd = b'mysecretpassword'
   salt = gensalt()
   hashed_pwd = hashpw(pwd, salt)
   
   # To verify:
   if checkpw(b'mysecretpassword', hashed_pwd):
       print("Password matches!")
   else:
       print("Password does not match.")
   

3. Key Advantages:
   • Automatic salting.
   • Adaptive work factor – you can increase the cost over time as computing power increases.
   • Widely supported in many languages and frameworks.

3. PBKDF2-SHA256: More Control, More Responsibility

1. How it Works: PBKDF2 (Password-Based Key Derivation Function 2) uses a hashing function (like SHA256) and applies it repeatedly with a salt and an iteration count. The more iterations, the slower the hash is to compute – making brute-force attacks harder.
2. Implementation Example (Python):

   import hashlib
   import os
   
   def hash_password(password):
       salt = os.urandom(16)
       iterations = 100000 # Choose a high number!
       hashed_password = hashlib.pbkdf2_hmac('sha256', password, salt, iterations)
       return salt, hashed_password
   
   def verify_password(password, salt, hashed_password):
       iterations = 100000 # Must match the original!
       new_hash = hashlib.pbkdf2_hmac('sha256', password, salt, iterations)
       return new_hash == hashed_password
   

3. Key Considerations:
   • Salt Management: You *must* store the salt alongside the hash. It’s crucial for verification.
   • Iteration Count: Choose a high iteration count (e.g., 100,000 or more). Increase this over time as hardware improves. A low iteration count renders PBKDF2 ineffective.
   • Flexibility: You can choose different hashing functions (SHA256 is common) and adjust the salt length.

4. Which Should You Choose?

For most applications, BCrypt is the recommended choice due to its ease of use and automatic handling of important security features. If you need more control over the hashing process or have specific requirements, PBKDF2-SHA256 can be a good option – but be prepared to manage salts and iteration counts carefully.

5. Important Security Notes

• Never store passwords in plain text!
• Always use a strong password hashing algorithm like BCrypt or PBKDF2-SHA256.
• Regularly review and update your security practices. Increase the work factor/iteration count as computing power increases.