bcrypt character limit in PHP

The PHP documentation for the function password_hash has this notice:

Caution: Using PASSWORD_BCRYPT as the algorithm will result in the password parameter being truncated to a maximum length of 72 characters.

That is, if I pass a password with more than 72 characters, the function disregards the extra characters at the end.

In the question How to hash passwords securely on SOpt, the top answer says this about bcrypt:

Disadvantages:

[...]

  • The password input is limited to 51 characters. For longer passwords, one would have to combine bcrypt with a hash function (compute the hash of the password, and use the output with bcrypt). Combining cryptographic primitives has risks, so this is not recommended for general use.

Questions:

  • Is this what PHP uses to increase the character limit?

  • Does this extra limit bring any security problem?

  • Can it be disabled or worked around?

1 answer

The limit is 72 bytes, not 51. The limit of 51 is wrong, or a confusion, or recent implementations do not follow the original. In fact, it seems to me that this limit originates from the Blowfish limit: Blowfish is an encryption algorithm whose key size was 448 bits (56 bytes), and that algorithm is used by Bcrypt.

Bcrypt version 2a (and later) requires the password to be UTF-8 and null-terminated, so 71 characters + 1 null are used.


Is this what PHP uses to increase the character limit?

No. PHP uses normal Bcrypt; its output can even be used by other implementations in other languages.

Does this extra limit bring any security problem?

No, not in general. No ordinary user uses passwords longer than 71 characters; however, it would be ideal to limit user input and notify the user that the password is too long.

Can it be disabled or worked around?

Use another algorithm. PHP already supports Argon2id, which is the winner of the PHC, and older versions already support PBKDF2, which is an alternative too, although I do not recommend it. If you are using some obsolete version, then security is not a priority.

If you really want to use a kludge (gambiarra), there is one, but it also has side effects.

password_hash(base64_encode(hash("sha384", $password, true)), PASSWORD_BCRYPT)

This makes the user input go through sha384 first, before Bcrypt. Bcrypt will use the sha384 output (48 bytes) in Base64 (staying within the limit, using 64 characters). But you will reduce the maximum entropy from 71 to 48. The reason for using sha384 is its size, and the Base64 is to prevent premature nulls, because Bcrypt is vulnerable to nulls, so to speak.
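The following is an added example, not code from the question or the answer above. It shows the truncation the answer describes (two passwords that differ only after byte 72 verify against the same bcrypt hash), a byte-length check of the kind the answer suggests for user input, and the sha384 + Base64 pre-hash from the answer wrapped in hash/verify helpers. The function names (checkBcryptLength, bcryptTruncationDemo, prehash, hashPasswordPrehashed, verifyPasswordPrehashed) and the constants are this example's own; the bcrypt cost is set to the minimum so the demo runs quickly and is not a production setting.

```php
<?php
// Added example (not from the original question or answer).
// Demonstrates bcrypt's 72-byte truncation in password_hash(), a byte-length
// check for user input, and the sha384 + Base64 pre-hash workaround.
// All function and constant names here are this example's own.
declare(strict_types=1);

const BCRYPT_MAX_BYTES = 72;
// Minimum cost so the demo is fast; use PHP's default (or higher) in production.
const DEMO_COST = 4;

/**
 * The limit is on bytes, not characters: strlen() counts bytes, so a
 * multibyte UTF-8 password hits the limit with fewer visible characters.
 * Reject (or warn about) anything over 72 bytes rather than letting
 * bcrypt silently drop the tail.
 */
function checkBcryptLength(string $password): void
{
    $bytes = strlen($password);
    if ($bytes > BCRYPT_MAX_BYTES) {
        throw new InvalidArgumentException(sprintf(
            'Password is %d bytes; bcrypt only uses the first %d bytes',
            $bytes,
            BCRYPT_MAX_BYTES
        ));
    }
}

/**
 * Shows the truncation: bcrypt only hashes the first 72 bytes, so a password
 * that differs from the stored one only in byte 73 still verifies, while a
 * password that differs inside the first 72 bytes does not.
 */
function bcryptTruncationDemo(): array
{
    $p72 = str_repeat('a', 72);
    $p73 = $p72 . 'X';   // differs from $p72 only in byte 73
    $hash = password_hash($p72, PASSWORD_BCRYPT, ['cost' => DEMO_COST]);
    return [
        'differs_after_byte_72'  => password_verify($p73, $hash),
        'differs_inside_72_bytes' => password_verify(str_repeat('b', 72), $hash),
    ];
}

/**
 * Pre-hash: sha384 yields 48 raw bytes; Base64 turns them into 64 printable
 * bytes, under the 72-byte limit and free of "\0" (a raw digest can contain a
 * null byte, which would end the string early for bcrypt).
 */
function prehash(string $password): string
{
    return base64_encode(hash('sha384', $password, true));
}

function hashPasswordPrehashed(string $password): string
{
    return password_hash(prehash($password), PASSWORD_BCRYPT, ['cost' => DEMO_COST]);
}

function verifyPasswordPrehashed(string $password, string $hash): bool
{
    return password_verify(prehash($password), $hash);
}

// Usage
$demo = bcryptTruncationDemo();
printf("plain bcrypt, differs only after byte 72: %s\n", var_export($demo['differs_after_byte_72'], true));
printf("plain bcrypt, differs inside first 72 bytes: %s\n", var_export($demo['differs_inside_72_bytes'], true));

$long = str_repeat('a', 72);
$hash = hashPasswordPrehashed($long);
printf("pre-hashed, original password: %s\n", var_export(verifyPasswordPrehashed($long, $hash), true));
printf("pre-hashed, differs only after byte 72: %s\n", var_export(verifyPasswordPrehashed($long . 'X', $hash), true));
printf("pre-hash length in bytes: %d\n", strlen(prehash($long)));

try {
    // 40 visible characters, but each "ç" is 2 bytes in UTF-8, so 80 bytes.
    checkBcryptLength(str_repeat('ç', 40));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

With plain bcrypt the first check succeeds because byte 73 is never seen; with the pre-hash the same variant fails because the whole input feeds sha384 first. The length check uses strlen() deliberately: the answer's "72" is a byte count, so a 40-character password of multibyte characters is already over it.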
