Password Hashing: BCrypt vs PBKDF2

TL;DR

Both BCrypt and PBKDF2 are strong password hashing algorithms, much better than storing passwords directly. PBKDF2 is generally faster but requires careful tuning of the iteration count to achieve adequate security. BCrypt automatically handles this for you, making it easier to use securely by default.

1. Understanding Password Hashing

Password hashing isn’t about encryption; it’s a one-way function. You can’t get the original password back from the hash. It protects passwords if your database is compromised because attackers only get hashes, not plain text.

2. BCrypt+SHA256: Automatic Security

1. How it works: BCrypt combines a hashing function (Blowfish) with salting and adaptive work factor (cost). The cost determines how much computing power is needed to hash the password, slowing down attackers.
2. Salting: A random string added to each password before hashing. This prevents ‘rainbow table’ attacks where pre-computed hashes are used.
3. Cost Factor: BCrypt automatically adjusts the cost factor based on hardware speed, keeping the hashing time consistent. A higher cost means more security but slower login times.
4. Example (Python):

   import bcrypt
   password = b"mysecretpassword"
   salt = bcrypt.gensalt()
   hashed = bcrypt.hashpw(password, salt)
   print(hashed)
   

5. Verification: Use bcrypt.checkpw() to compare the entered password with the stored hash.

   if bcrypt.checkpw(b"mysecretpassword", hashed):
       print("Password matches!")
   else:
       print("Incorrect password!")
   

3. PBKDF2-SHA256: Manual Tuning Required

1. How it works: PBKDF2 (Password-Based Key Derivation Function 2) uses a hashing function (like SHA256) and applies it repeatedly with a salt.
2. Iteration Count: The number of times the hash function is applied. A higher iteration count increases security but also slows down login times. This is *crucial* to configure correctly.
3. Salting: Like BCrypt, PBKDF2 requires a unique salt for each password.
4. Example (Python):

   import hashlib
   import os
   password = b"mysecretpassword"
   salt = os.urandom(16)
   it_count = 100000 # IMPORTANT: Choose a high value!
   hashed = hashlib.pbkdf2_hmac('sha256', password, salt, it_count)
   print(hashed)
   

5. Verification: You need to re-hash the entered password with the same salt and iteration count and compare the results.

   entered_password = b"mysecretpassword"
   hashed_entered = hashlib.pbkdf2_hmac('sha256', entered_password, salt, it_count)
   if hashed == hashed_entered:
       print("Password matches!")
   else:
       print("Incorrect password!")
   

4. BCrypt vs PBKDF2: Key Differences

• Ease of Use: BCrypt is simpler to use securely because it handles the cost factor automatically.
• Performance: PBKDF2 can be faster than BCrypt if tuned correctly, but requires more expertise to avoid security vulnerabilities.
• Security: Both are strong when implemented properly. Incorrectly configured PBKDF2 (low iteration count) is significantly weaker.
• Library Support: Both have excellent library support in most programming languages.

5. Recommendation

For most applications, BCrypt is the recommended choice due to its ease of use and automatic security adjustments. If you choose PBKDF2, ensure you research appropriate iteration counts for current hardware capabilities and regularly review/increase them as technology advances.