| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by timo_h 1164 days ago

> When using bcrypt, make sure to use the following algorithm to prevent the leading NULL byte problem. and the 72-character password limit:

> bcrypt(base64(sha-512(password)))

Pre-hashing the password, in this context, without a salt, is susceptible to hash shucking: https://security.stackexchange.com/questions/234794/is-bcryp...

Instead, use:

  bcrypt(base64(sha-512(password + global_salt)))

1 comments

catoc 1164 days ago

The stack exchange article seems to ascribe the risk to using MD5. While adding a (global or appended data) hash as you suggest cannot hurt, I wonder if the suggested weakness exist for sha-512.

link

timo_h 1163 days ago

The same principle applies to SHA-512 just the same (much cheaper to attack non-stretched SHA-512 hash than attacking directly the bcrypt hash).

There are both MD5 hashes and SHA-512 hashes lying around, which makes "hash shucking" possible for both of them.

link