7

In order to allow users to connect to my website, I encrypt their password using BCrypt since it is one of the slowest algorithms to decrypt (making a compromised database longer to be decrypted).

But I was wondering if that was enough -- or if combining it with a hashing algorithm like sha256/512 was better?

In fact, that would mean:

clear password -> sha256 -> bcrypt -> stored in database.

Does adding the sha256 really increase the difficulty to decrypt these, or is the slowness of BCrypt sufficient?

Cyril N.

1 Answer

5

The short answer is, use bcrypt, not SHA256. Bcrypt already hashes the password, so if you are using bcrypt, there is no point in using both bcrypt+SHA256; it won't be any stronger. Bcrypt alone is sufficient.

There's a lot of advice on this site on exactly this topic. Search for "password hashing" and you'll find it.

See, e.g., How to securely hash passwords?, Which password hashing method should I use?, Most secure password hash algorithm(s)?, Do any security experts recommend bcrypt for password storage?.

You want to use a password hashing algorithm that is as slow as you can stand, to prevent offline dictionary attacks on people's passwords if your database is compromised.

Of course, that is not enough. There are a variety of steps you should take to make use of passwords as secure as possible. Here are a few:

  • Use site-wide SSL/TLS. Any attempt to visit your site through HTTP should immediately redirect to HTTPS.

  • Enable HSTS on your site. This tells browsers to only connect to you via HTTPS. Paypal uses it. It is supported in recent versions of Firefox and Chrome.

Search the site and you'll find lots more.

D.W.
  • Thanks for the answer. I didn't know about HSTS and I will read about it. You answered my question when you said that bcrypt also hashes the password and then it's useless to hash it again with sha. – Cyril N. May 08 '12 at 19:03
  • Other than SSL to the client, I would still recommend salting the passwords. bcrypt(password.length() + password + salt). – ewanm89 May 08 '12 at 22:41
  • @ewanm89, yes, a salt is a good idea -- but that is implicit in using bcrypt. One of the arguments to bcrypt is the salt. You basically can't use bcrypt without using a salt. – D.W. May 08 '12 at 22:55
  • 3
    The accepted answer in this thread disagrees; since BCrypt has a maximum length it can encode they recommend making the most of long passwords by hashing with SHA256 before feeding into BCrypt: http://security.stackexchange.com/questions/6623/pre-hash-password-before-applying-bcrypt-to-avoid-restricting-password-length – Chris Moschini Jun 18 '12 at 19:23
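As an added illustration of two points raised in this thread (D.W.'s remark that the salt is an argument to bcrypt and travels inside its output, and the last comment's suggestion of a SHA-256 pre-hash to stay within bcrypt's input limit), here is a small Python example. It is not code from the original question, answer or comments, and it does not call a bcrypt library: it parses the modular-crypt string bcrypt produces and prepares the pre-hash input. The sample hash string is constructed to show the layout only and will not verify against any password.

```python
import base64
import hashlib
import re
from dataclasses import dataclass

# bcrypt stores everything a verifier needs in one string:
#   $2b$<cost>$<22-char salt><31-char digest>
# so a separate "salt" column is unnecessary; the salt and cost are re-read
# from the stored hash at login time.
_BCRYPT_RE = re.compile(
    r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# bcrypt only looks at the first 72 bytes of its input; longer passwords are
# silently truncated, which is what the pre-hash below works around.
BCRYPT_INPUT_LIMIT = 72

# Constructed sample (valid layout, not a real hash of any password).
SAMPLE_HASH = "$2b$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"


@dataclass(frozen=True)
class BcryptParts:
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def rounds(self) -> int:
        """Work factor: bcrypt runs 2**cost key-setup iterations."""
        return 2 ** self.cost


def parse_bcrypt(hash_str: str) -> BcryptParts:
    """Split a bcrypt string into its embedded version, cost, salt and digest."""
    m = _BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    cost_int = int(cost)
    if not 4 <= cost_int <= 31:
        raise ValueError(f"bcrypt cost out of range: {cost_int}")
    return BcryptParts(version, cost_int, salt, digest)


def is_bcrypt_hash(hash_str: str) -> bool:
    try:
        parse_bcrypt(hash_str)
        return True
    except ValueError:
        return False


def exceeds_bcrypt_limit(password: str) -> bool:
    """True when bcrypt would truncate this password (UTF-8 length > 72 bytes)."""
    return len(password.encode("utf-8")) > BCRYPT_INPUT_LIMIT


def prehash_for_bcrypt(password: str) -> bytes:
    """Fixed-length input for bcrypt, as suggested in the linked thread.

    SHA-256 output is base64-encoded rather than passed raw: the raw digest
    may contain a 0x00 byte, which many bcrypt implementations treat as the
    end of the input string. The result is always 44 bytes, below the limit.
    """
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


if __name__ == "__main__":
    parts = parse_bcrypt(SAMPLE_HASH)
    print(f"version={parts.version} cost={parts.cost} rounds={parts.rounds}")
    print(f"salt={parts.salt} (embedded, {len(parts.salt)} chars)")
    long_pw = "x" * 200
    print("truncated by bcrypt:", exceeds_bcrypt_limit(long_pw))
    print("pre-hash length:", len(prehash_for_bcrypt(long_pw)))
```

The pre-hash is only worth adding when passwords longer than 72 bytes must be accepted in full; for the common case the answer's advice stands, and the cost field is the knob that actually makes the hash slow.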