by jcase 4890 days ago
It's 72 actually. I thought it was 56 as mentioned on the original [?] BCrypt website[1]. A thread[2] on security/stackexchange discusses a workaround for the 72 char limit. See https://gist.github.com/4690368 for a simple test case that shows the >72 char truncation.

The source provides a hint:

    /* Schneier specifies a maximum key length of 56 bytes.
     * This ensures that every key bit affects every cipher
     * bit.  However, the subkeys can hold up to 72 bytes.
     * Warning: For normal blowfish encryption only 56 bytes
     * of the key affect all cipherbits.
     */

[1] http://bcrypt.sourceforge.net/

[2] http://security.stackexchange.com/questions/21524/bcrypts-72...
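
Where the 72 comes from, as an added example (not part of the comment, the gist or the bcrypt source): Blowfish has 18 32-bit subkeys, and key expansion XORs the key into them four bytes at a time, so 18 * 4 = 72 key bytes are read and nothing after them. The function names and sample passwords are constructed for illustration, and `prehash` is one common pre-hashing workaround, assumed here rather than taken from the linked thread.

```python
import base64
import hashlib

# Blowfish's initial P-array: 18 32-bit subkeys (hex digits of pi).
P_INIT = [
    0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
    0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
    0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B,
]

def bcrypt_key(password: str) -> bytes:
    """Key bytes as bcrypt forms them: UTF-8 password plus a trailing NUL."""
    return password.encode("utf-8") + b"\x00"

def mix_key_into_subkeys(key: bytes):
    """XOR the key, read cyclically as big-endian words, into the P-array.

    Each key-expansion pass reads the key only here, starting at offset 0,
    so it consumes 18 * 4 = 72 bytes and byte 73 onward is never used.
    """
    subkeys, pos = [], 0
    for p in P_INIT:
        word = 0
        for _ in range(4):
            word = (word << 8) | key[pos % len(key)]  # short keys wrap around
            pos += 1
        subkeys.append(p ^ word)
    return subkeys

def prehash(password: str) -> str:
    """Assumed workaround: SHA-256, then base64 (44 chars, no NUL bytes)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

# Constructed sample passwords that share their first 72 characters.
BASE = ("correct horse battery staple " * 3)[:72]
PW_A = BASE + "-alpha"
PW_B = BASE + "-bravo"

if __name__ == "__main__":
    raw_a, raw_b = bcrypt_key(PW_A), bcrypt_key(PW_B)
    print("raw passwords collide:",
          mix_key_into_subkeys(raw_a) == mix_key_into_subkeys(raw_b))
    pre_a, pre_b = bcrypt_key(prehash(PW_A)), bcrypt_key(prehash(PW_B))
    print("pre-hashed passwords collide:",
          mix_key_into_subkeys(pre_a) == mix_key_into_subkeys(pre_b))
```

Base64-encoding the digest matters: a raw SHA-256 digest can contain a NUL byte, which C-string based bcrypt implementations treat as the end of the password.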