Permalink
Browse files

Added better documentation on cost factors.

git-svn-id: http://bcrypt-ruby.rubyforge.org/svn/trunk@38 b1e0f299-433e-4bb3-9895-84128a6cfb6a
  • Loading branch information...
1 parent 62fc172 commit 1133c7504687c6affcf846bedee5fa83bf74cc8a codahale committed Jun 16, 2007
Showing with 14 additions and 0 deletions.
  1. +14 −0 README
View
14 README
@@ -91,6 +91,8 @@ Check the rdocs for more details -- BCrypt, BCrypt::Password.
bcrypt() is a hashing algorithm designed by Niels Provos and David Mazières of the OpenBSD Project.
+=== Background
+
Hash algorithms take a chunk of data (e.g., your user's password) and create a "digital fingerprint," or hash, of it.
Because this process is not reversible, there's no way to go from the hash back to the password.
@@ -102,11 +104,15 @@ You can store the hash and check it against a hash made of a potentially valid p
<unique gibberish> =? hash(just_entered_password)
+=== Rainbow Tables
+
But even this has weaknesses -- attackers can just run lists of possible passwords through the same algorithm, store the
results in a big database, and then look up the passwords by their hash:
PrecomputedPassword.find_by_hash(<unique gibberish>).password #=> "secret1"
+=== Salts
+
The solution to this is to add a small chunk of random data -- called a salt -- to the password before it's hashed:
hash(salt + p) #=> <really unique gibberish>
@@ -137,9 +143,17 @@ fingerprints as quickly as possible. bcrypt(), though, is designed to be computa
If an attacker was using Ruby to check each password, they could check ~140,000 passwords a second with MD5 but only
~450 passwords a second with bcrypt().
+=== Cost Factors
+
In addition, bcrypt() allows you to increase the amount of work required to hash a password as computers get faster. Old
passwords will still work fine, but new passwords can keep up with the times.
+The default cost factor used by bcrypt-ruby is 10, which is fine for session-based authentication. If you are using a
+stateless authentication architecture (e.g., HTTP Basic Auth), you will want to lower the cost factor to reduce your
+server load and keep your request times down. This will lower the security provided you, but there are few alternatives.
+
+== More Information
+
bcrypt() is currently used as the default password storage hash in OpenBSD, widely regarded as the most secure operating
system available.

0 comments on commit 1133c75

Please sign in to comment.