[magicalhippo]

Bcrypt is salted[1], so that shouldn't matter?

[1]: https://en.wikipedia.org/wiki/Bcrypt#Description

[Tade0]

Are you sure?

bcrypt stores the salt and retrieves it for comparison - otherwise you wouldn't be able to generate a matching hash.

Consider the case where a user has a very long username and sets their password to their userId + username + password thus recreating the scenario which lead to the incident.

[magicalhippo]

That was not my point. My point was there wouldn't be a hash collision just by two users with the same password due to the salting.

[Tade0]

There's no hash collision here, just two different hashes, each with its own salt, matching the same original phrase.

If you use only the password to generate the cache key, then this password will match regardless of salt, so users with the same password will generate a cache key matching that password.

[magicalhippo]

Yes, that's what I pointed out when you suggested there would be a problem with two different users having the same password.

[Tade0]

I'm getting the feeling that there's some kind of miscommunication here.

If only the password is used to generate the hash then that password, when used to match against a previously stored hash(cache key here), will also match it, thus producing the exact same vulnerability, but worse because it's enough to have the same password as someone else.

Salting does not help here at all.

[magicalhippo]

The whole point of salting is to avoid exactly that scenario, and, as I linked to, bcrypt requires salt.

So when you read "bcrypt(password)", that just means the salt is implicit, not that it isn't salted.