Using Bcrypt as password encoder can be problematic when passwords contain non-ASCII characters

Hugo
2 min read, Nov 24, 2022

Simply using the Spring Security BCrypt function as the password encoder is a problem. What is Bcrypt? https://www.baeldung.com/spring-security-registration-password-encoding-bcrypt#define-the-password-encoder

Bcrypt has a limit on the length of the password it hashes: a maximum of 72 bytes.

https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length/184090#184090

It works fine for ASCII characters if you restrict the input to less than 72 ASCII characters, but it doesn’t work well for non-ASCII input. If a password is longer than 72 bytes, the remaining bytes are ignored.

Example: the password ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ is 36 characters and 72 bytes (each Ä is 2 bytes in UTF-8).

Using the password ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄaaaa

you can also log in. Bcrypt sees the above two passwords as the same, which means the password is limited by 72 bytes, not by the number of characters.

You might ask why not simply restrict passwords to ASCII characters. No guideline recommends that, because it reduces password complexity. Then why should password length be restricted at all? DDoS attacks!

All password guidelines suggest not limiting the types of characters:

Verify that there are no password composition rules limiting the type of characters permitted. There should be no requirement for upper or lower case or numbers or special characters.

ASVS/0x11-V2-Authentication.md at master · OWASP/ASVS

Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length. Verifiers SHOULD permit subscriber-chosen memorized secrets at least 64 characters in length.

NIST Special Publication 800-63B

The solution to this problem is not new; Dropbox published it in 2016: https://dropbox.tech/security/how-dropbox-securely-stores-your-passwords

instead of

bcrypt(password)

you use

bcrypt(sha512(password))

Because sha512(password) always outputs a fixed length that bcrypt accepts, the password encoder can support non-ASCII characters.

How safe is this approach? It is discussed and verified at https://security.stackexchange.com/questions/6623/pre-hash-password-before-applying-bcrypt-to-avoid-restricting-password-length
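As an added example (not code from this article, from Spring Security or from Dropbox), here is the pre-hash applied inside a Spring Security PasswordEncoder, assuming Java 11+ and Spring Security on the classpath; PrehashingBcryptPasswordEncoder is a hypothetical name. It uses SHA-256 rather than the SHA-512 named above because the Base64 form of a SHA-512 digest is 88 characters and would itself exceed bcrypt's 72 bytes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; not part of Spring Security.
public final class PrehashingBcryptPasswordEncoder implements PasswordEncoder {

    private final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();

    // SHA-256 digest (32 bytes) as Base64 (44 ASCII chars): always under
    // bcrypt's 72-byte limit. Base64 of a SHA-512 digest would be 88 chars
    // and be truncated again; raw digest bytes are avoided because a 0x00
    // byte ends the key early in C-string based bcrypt implementations.
    static String prehash(CharSequence rawPassword) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] digest = md.digest(rawPassword.toString().getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required in every Java runtime", e);
        }
    }

    @Override
    public String encode(CharSequence rawPassword) {
        return bcrypt.encode(prehash(rawPassword));
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return bcrypt.matches(prehash(rawPassword), encodedPassword);
    }

    // Reproduces the article's two passwords: 36 x U+00C4 is 72 UTF-8 bytes,
    // and the second one appends "aaaa", which plain bcrypt would ignore.
    public static void main(String[] args) {
        String base = "\u00C4".repeat(36);
        String longer = base + "aaaa";
        System.out.println("UTF-8 bytes: " + base.getBytes(StandardCharsets.UTF_8).length
                + " and " + longer.getBytes(StandardCharsets.UTF_8).length);
        System.out.println("pre-hash bytes: " + prehash(longer).length());
        PasswordEncoder encoder = new PrehashingBcryptPasswordEncoder();
        String stored = encoder.encode(base);
        System.out.println("same password matches: " + encoder.matches(base, stored));
        System.out.println("longer password matches: " + encoder.matches(longer, stored));
    }
}
```

With the pre-hash in place the two inputs produce different 44-byte strings, so matches(longer, stored) returns false while matches(base, stored) still returns true.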
