73

I'm trying to configure Bcrypt for a node app that I'm making and have several questions about salts that I hope someone here can help kindly answer.

  • What is a salt 'round'? For example, in the github docs (https://github.com/kelektiv/node.bcrypt.js/) it uses a salt round of 10. What does that mean exactly?

  • Is the salt generated by Bcrypt always the same? For example, if I am saving user's hashed passwords to a DB, is the salt that it used to hash the password the same for every password?

  • How is the salt stored? Is it secure from potential attacks?

doctopus

2 Answers

109
  1. With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult brute-forcing becomes.
  2. The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
  3. The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.
Alexis Wilke
martinstoeckli
  • Can you explain what you mean by "The cost factor controls how much time is needed to calculate a single BCrypt hash", please? Thanks – Webwoman Jul 19 '18 at 16:31
  • @Webman - A cost factor of 10 means that the calculation is done 2^10 times, which is about 1000 times. The more rounds of calculation you need to get the final hash, the more CPU/GPU time is necessary. This is no problem for calculating a single hash for a login, but it is a huge problem when you brute-force millions of password combinations. Tried to explain it in my password [tutorial](https://www.martinstoeckli.ch/hash/en/index.php). – martinstoeckli Jul 21 '18 at 08:09
  • Nice tutorial @martinstoeckli! – NealWalters Aug 13 '19 at 16:35
  • Do I need to know the number of salt rounds used when comparing a secret with a hash? – Learner Jul 05 '20 at 04:08
  • @Learner - Yes the cost factor needs to be stored like the salt. Some algorithms need even more information e.g. how much memory should be consumed. – martinstoeckli Jul 05 '20 at 15:30
  • Interesting. I am using bcryptjs... it looks as if the salt and # of rounds are stored with the hash, which explains why the bcrypt.compare(secret, hash) API does not take the # of rounds as an input? – Learner Jul 07 '20 at 01:44
  • @Learner - Exactly, follow the link in the answer to get an explanation about the hash format. – martinstoeckli Jul 07 '20 at 13:56
  • @Learner thank you for clarifying that, that was exactly what I was looking for. – bvdb Sep 12 '20 at 09:45
  • If the salt is random, then will it be different each time even if I enter the same password? Or if I use another person's server which is using the same amount of salt rounds, wouldn't it be the same hash? Otherwise it would be impossible to verify passwords. Where is my misunderstanding? – T S Jul 11 '22 at 22:03
  • @TS - For verification of a password you don't generate a salt at all, instead you extract it from the stored password hash. This way you use the same salt for the stored and the entered password and the hashes become comparable. Follow the link in the answer to see an example of the stored hash, which includes the used salt. – martinstoeckli Jul 12 '22 at 08:07
  • @Webman Your tutorial breaks after the first two slides. – Sahil Rajput Nov 12 '22 at 15:25
  • @SahilRajput - it works right now, seems it was a temporary issue. – martinstoeckli Nov 12 '22 at 21:13
19

The salt is included in the hash only, and we need not remember it while comparing.

const bcrypt = require('bcrypt');   // the npm package from the question
const myPlaintextPassword = 'Saifio';
const saltRounds = 10;              // cost factor: 2^10 rounds
// hashSync draws a fresh random salt and embeds it in the returned string
const hash = bcrypt.hashSync(myPlaintextPassword, saltRounds);
console.log(hash);


$2b$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
 |  |  |                     |
 |  |  |                     hash-value = K0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa
 |  |  |
 |  |  salt = nOUIs5kJ7naTuTFkBy1veu
 |  |
 |  cost-factor = 10 = 2^10 iterations
 |
 hash-algorithm = 2b = BCrypt

Saifio