You can use this Toolkit to do the following
- Create Bcrypt Salt
- … with different rounds
- Create Bcrypt Hash
- … from provided salt
- … from random salt
- Match Strings to a Hash
- Get the Salt of a Hash
- Get the Rounds of a Hash / Salt
What is Bcrypt?
Bcrypt is a hashing function that was specifically developed for securely hashing passwords. It is based on the Blowfish algorithm.
It is the current state of the art password hashing function because:
- Bcrypt takes longer than conventional hashing functions (in fact multiple thousand times longer) to hash a String. This makes it secure for hashing passwords because brute-forcing the String takes longer. This increases the time between successfully guessed hashes from days to years, thereby making the brute-forcing of passwords not worthwhile for the attacker.
- Bcrypt always includes a unique salt for each password, which prevents the usage of Rainbow Tables
- Bcrypt is an adaptive algorithm. Computational power increases over time, thereby making the guessing of passwords faster and faster with each new hardware generation. By increasing Bcrypt’s number of rounds the complexity of the algorithm can be scaled indefinitely. After scaling the algorithm it takes more work to calculate a hash which in turn corresponds to the current hardware capabilities.