by buzer 501 days ago
> Had they done a bcrypt(password + userId + username), it wouldn't be so bad. Order of entropy is important.

That depends on how exactly it was used. If it was simply used to check whether a previous authentication was successful (without the value containing information about who it was successful for), then a single long password could be used to authenticate as anyone.


> a single long password could be used to authenticate as anyone.

Only if everyone uses the same long prefix for their password.

No. If the value of the cache key is simply true/false, then someone would first log in to their own account using the long password. This would result in storing:

bcrypt(longpassword + 123456 + me@foobar.com) = bcrypt(longpassword) = hash1 -> true

If they then try to log in as you@bar.com using the same password, there would be a cache lookup:

bcrypt(longpassword + 1111111 + you@bar.com) = bcrypt(longpassword) = hash1 -> true
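As an added illustration (not code from the thread), the following models the collision described above: a stand-in that keeps only bcrypt's 72-byte input limit (SHA-256 replaces the real hash so it runs with the standard library alone) shows the identity suffix being truncated away, next to an identity-first ordering that keeps the user in the key. The account ids, usernames and function names are constructed for the example.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt consumes only the first 72 bytes of its input


def bcrypt_like(data: bytes) -> str:
    """Stand-in for bcrypt that keeps the one property that matters here:
    bytes beyond the 72nd are silently ignored. SHA-256 replaces the real
    Blowfish-based hash so the example runs offline without the bcrypt package."""
    return hashlib.sha256(data[:BCRYPT_MAX_INPUT]).hexdigest()


def weak_cache_key(password: str, user_id: int, username: str) -> str:
    """Ordering from the thread: password first, identity last.
    With a password of 72+ bytes the user id and username never reach the hash."""
    return bcrypt_like((password + str(user_id) + username).encode())


def identity_first_cache_key(password: str, user_id: int, username: str) -> str:
    """Identity first, with separators, so the user-specific part is inside the
    72 bytes that bcrypt actually sees. (Pre-hashing the whole string to a fixed
    length before bcrypt would also avoid the truncation entirely.)"""
    material = str(user_id) + "\x00" + username + "\x00" + password
    return bcrypt_like(material.encode())


def cache_auth_demo(make_key) -> bool:
    """Replays the two logins from the thread against a key -> True cache and
    returns whether the second account is accepted purely from the cache."""
    cache = {}
    long_password = "A" * 100  # constructed: longer than bcrypt's 72-byte limit
    # First account logs in successfully; the result is cached under its key.
    cache[make_key(long_password, 123456, "me@foobar.com")] = True
    # Cache lookup for a different account using the same password.
    return cache.get(make_key(long_password, 1111111, "you@bar.com"), False)


if __name__ == "__main__":
    print("weak key accepts second account:", cache_auth_demo(weak_cache_key))
    print("identity-first key accepts second account:",
          cache_auth_demo(identity_first_cache_key))
```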