What kind of encryption is that?


0

I ran into this guy: $2a$08$Cf1f11ePArKlBJomM0F6a.xzfpEexCPc/xm.u/Tv/pK6K..cagbv. encryption in a client’s database, but I don’t know what it is. Does anyone know what it’s about?

  • http://php.net/manual/en/function.password-hash.php

  • If what you’re looking for is the specific protocol, 2a is the prefix of CRYPT_BLOWFISH. Here you have more details: https://en.wikipedia.org/wiki/Crypt_(C)

1 answer

2

I believe this is about bcrypt. Is this by any chance in the passwords column?

The traditional hash functions MD5, SHA-1, ... do not guarantee that the result is really safe, that is, that there is no way to guess the original value from the value stored in the DB. This is because passwords have little information, usually 6 characters.

To correct this, hash functions such as bcrypt were created, which add a randomness factor and a difficulty level (roughly the number of iterations). For more information: Encrypting passwords in PHP using bcrypt (Blowfish) (I highly recommend reading).

For the manipulation of the result and subsequent verification of passwords, the method used and its cost (difficulty) are stored along with it. In your case:

Method: $a2 -> bcrypt

Cost: $08 -> Difficulty 8

What is left is the result of the hash function.

  • Can I break that kind of encryption?

  • 1

    Yes, it is possible to break it, just like any other hash function. What will ensure that you are safe is the cost involved in finding the starting value. The interesting part of bcrypt is that it has a variable cost, that is, as computers become more powerful you just increase the cost (difficulty) of the hash. However, this value cannot be too high, because the time to calculate the hash increases considerably. If I’m not mistaken, the current value with a good cost-benefit (security x processing time) is 10, but it would be good to check this information.
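The field layout described in the answer, as an added example that is not part of the original posts: a parser that splits a stored bcrypt string into version, cost, salt and digest, and flags entries whose cost is below a chosen minimum. The function names are assumptions of this example, and the minimum of 10 is the figure mentioned in the comment above.

```python
import re

# Modular-crypt layout of a bcrypt string (always 60 characters):
#   $<version>$<2-digit cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet: ./A-Za-z0-9
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)

# The value quoted in the question above.
SAMPLE = "$2a$08$Cf1f11ePArKlBJomM0F6a.xzfpEexCPc/xm.u/Tv/pK6K..cagbv."


def parse_bcrypt(stored: str) -> dict:
    """Split a stored bcrypt string into its fields; raises ValueError if malformed."""
    match = BCRYPT_RE.match(stored)
    if match is None:
        raise ValueError("not a well-formed bcrypt string")
    version, cost_text, salt, digest = match.groups()
    cost = int(cost_text)
    if not 4 <= cost <= 31:  # range accepted by bcrypt
        raise ValueError(f"cost {cost} is outside bcrypt's range 4..31")
    return {
        "version": version,
        "cost": cost,
        "rounds": 2 ** cost,  # the cost is the base-2 logarithm of the iteration count
        "salt": salt,
        "digest": digest,
    }


def needs_rehash(stored: str, minimum_cost: int) -> bool:
    """True when the stored hash was produced with a cost below minimum_cost."""
    return parse_bcrypt(stored)["cost"] < minimum_cost


if __name__ == "__main__":
    fields = parse_bcrypt(SAMPLE)
    for name, value in fields.items():
        print(f"{name:8} {value}")
    print("below minimum cost 10:", needs_rehash(SAMPLE, 10))
```

Because the salt and cost travel inside the stored string, a verifier needs nothing but this column and the candidate password, and rows flagged by `needs_rehash` can be upgraded the next time the user logs in successfully.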
