bcrypt
Maxim Dounin
mdounin at mdounin.ru
Fri Jun 23 14:30:57 UTC 2017
Hello!
On Fri, Jun 23, 2017 at 01:24:19PM +0000, Lukas Tribus wrote:
> Hello,
>
>
> > In nginx there is no native support for bcrypt passwords as
> > produced by Apache's htpasswd. On the other hand, nginx can use
> > all password schemes supported by crypt(3) on your OS. Many
> > operating systems do support bcrypt-encrypted passwords in
> > crypt(3), and if Apache's variant is not different from other
> > implementations, it would be enough to change the prefix in the
> > password hashes from Apache-specific $2y$ to the one supported by
> > your OS.
>
> Is it a good idea though to use a very CPU intense hash like bcrypt
> in an event-driven webserver?
>
> Bcrypt is intentionally slow, I assume having a lot of bcrypt
> protected HTTP transactions would block nginx causing it to slow
> down severely?
All password hashing schemes are intentionally slow. The goal of
password hashing is to prevent brute-force attacks even if hashes
are leaked. The question is how slow a particular hashing scheme
is, and if it is acceptable for a particular use case.
One of the bcrypt scheme's main properties is that it allows
controlling the number of rounds, and thus the hashing speed. With
a low number of rounds it is reasonably fast. For example, with 2^5
rounds (default used by htpasswd) it takes about 4 milliseconds
here on a test box:
$ time perl -le '$h = "foo"; for (1..1000) { $h = crypt($h, q{$2b$05$foodfsadfdfsadfsadfalkjlkkjlkjlkjlkjlkjlkjlkjljklkjlk}); }; print $h;'
$2b$05$foodfsadfdfsadfsadfaleR/2BBLeLV.7NTWtyNRyAquSKRD9E4Sy
real 0m3.884s
user 0m3.880s
sys 0m0.001s
--
Maxim Dounin
http://nginx.org/
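The two points in the thread above, rewriting the htpasswd prefix so the OS crypt(3) accepts it and reasoning about how the cost parameter drives per-request CPU time, as an added example that is not part of the original posts. It assumes, as Maxim's reply does, that the `$2y$` and `$2b$` variants compute the same digest for a given salt and cost, so only the tag needs to change; the htpasswd lines below are constructed sample input built around the hash printed in the reply, and the scaling estimate takes the reply's ~3.9 ms at cost 5 as its baseline.

```python
import re

# Layout of a bcrypt string in modular-crypt format:
#   $<variant>$<cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"^\$(?P<variant>2[abxy])\$(?P<cost>\d{2})\$"
    r"(?P<salt>[./A-Za-z0-9]{22})(?P<digest>[./A-Za-z0-9]{31})$"
)


def parse_bcrypt(hash_str):
    """Split a bcrypt hash into variant, cost, salt and digest; None if malformed."""
    m = BCRYPT_RE.match(hash_str)
    if not m:
        return None
    parts = m.groupdict()
    parts["cost"] = int(parts["cost"])
    return parts


def rewrite_variant(hash_str, target="2b"):
    """Return the hash with its variant tag replaced, e.g. $2y$ -> $2b$.

    Assumption (as in the post): the target variant produces the same
    digest for the same salt and cost, so the body is copied unchanged.
    """
    parsed = parse_bcrypt(hash_str)
    if parsed is None:
        raise ValueError("not a bcrypt hash: %r" % hash_str)
    return "$%s$%02d$%s%s" % (target, parsed["cost"], parsed["salt"], parsed["digest"])


def rewrite_htpasswd(text, target="2b"):
    """Rewrite every bcrypt entry in an htpasswd file body.

    Entries using other schemes ($apr1$, SHA, plain crypt) and comment
    lines are passed through untouched.
    """
    out = []
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            out.append(line)
            continue
        user, _, pw = line.partition(":")
        if parse_bcrypt(pw) is not None:
            pw = rewrite_variant(pw, target)
        out.append("%s:%s" % (user, pw))
    return "\n".join(out) + "\n"


def estimate_hash_ms(cost, baseline_cost=5, baseline_ms=3.884):
    """Estimate time per hash at a given cost.

    bcrypt runs 2**cost key-setup rounds, so each +1 in cost doubles
    the time; scale from a measured baseline (the reply measured
    ~3.9 ms per hash at cost 5 on its test box).
    """
    return baseline_ms * 2 ** (cost - baseline_cost)


def max_auths_per_second(cost, **kw):
    """Upper bound on password checks one worker can do per second at this cost."""
    return 1000.0 / estimate_hash_ms(cost, **kw)


if __name__ == "__main__":
    # Constructed sample: Apache-style $2y$ entry plus an unrelated $apr1$ entry.
    sample = (
        "# users for /admin\n"
        "alice:$2y$05$foodfsadfdfsadfsadfaleR/2BBLeLV.7NTWtyNRyAquSKRD9E4Sy\n"
        "bob:$apr1$saltsalt$notabcrypthashplaceholder\n"
    )
    print(rewrite_htpasswd(sample), end="")
    for cost in (5, 8, 10, 12):
        print("cost %2d: ~%.1f ms/hash, <= %.1f auths/s per worker"
              % (cost, estimate_hash_ms(cost), max_auths_per_second(cost)))
```

The scaling table is the practical answer to Lukas's concern: because nginx verifies the password inside the worker, a cost of 10 (roughly 124 ms per hash on the same box) caps that worker at about eight authenticated requests per second, while the htpasswd default of 5 leaves it at a few hundred. Pick the cost from that budget rather than from the client-side default.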