6

Is the execution time for bcrypt independent of the length of the input string?

i.e.

Should the execution time of

bcrypt.hashpw('input_string', bcrypt.gensalt(12))

and

bcrypt.hashpw('arbitrarily_longer_input_string', bcrypt.gensalt(12))

be in theory the same.

Is this a something that is guaranteed by the bcrypt algorithm, or is it implementation specific?

mmcnickle
  • 163
  • 3

1 Answers1

7

Execution time in bcrypt does not depend on the input size; internally, the input string is padded into a fixed-length sequence of bytes, and that sequence is then used throughout the algorithm.

It would be a problem if execution time depended on input size, because the "cost factor" parameter is adjusted to make the execution time as high as is tolerable. The question is relevant, but, fortunately, bcrypt does not have this specific weakness.

Note: input passwords for bcrypt have a maximum size of a few dozen bytes. There are ways around it which involves a pre-hashing step (that step would take a time proportional to the password size, but it would be muuuuuch faster so the time overhead would be negligible, unless you are in the habit of typing passwords of several megabytes, which is impressive but weird).

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • Ok, I just took a guess. This guy actually knew the answer. I deleted my answer because it was incorrect. – John May 02 '13 at 15:02