bcrypt

bcrypt merupakan fungsi hashing kata sandi yang dirancang oleh dua orang peneliti keamanan komputer Niels Provos dan David Mazières, cipher Blowfish adalah dasar pembuatan bcrypt, dan disajikan di USENIX pada tahun 1999.^[1] bcrypt dapat melindungi dari serangan rainbow table dengan mengunakan salt, selain itu, bcrypt adalah fungsi adaptif: seiring waktu, jumlah iterasi dapat ditingkatkan untuk membuatnya lebih lambat, sehingga tetap aman terhadap serangan pencarian brute-force bahkan dengan meningkatnya daya komputasi.

Fungsi bcrypt merupakan algoritme hash password dasar untuk OpenBSD ^[2] dan sistem lain termasuk beberapa distribusi Linux seperti SUSE Linux .^[3]

bcrypt dapat diimplementasikan pada bahasa pemrograman PHP, Python, JavaScript, C, C ++, C #, Go,^[4] Java,^[5]^[6] Elixir,^[7] Perl,^[8] Ruby dan bahasa lain

Algortima

Algoritme bcrypt adalah hasil dari enkripsi teks "OrpheanBeholderScryDoubt" 64 kali menggunakan Blowfish . Dalam bcrypt fungsi biasa key setup pada Blowfish digantikan dengan fungsi expensive key setup (EksBlowfishSetup)

Function bcrypt
   Input:
      cost:     Number (4..31)                      log₂(Iterations). e.g. 12 ==> 2¹² = 4,096 iterations
      salt:     array of Bytes (16 bytes)           random salt
      password: array of Bytes (1..72 bytes)        UTF-8 encoded password
   Output: 
      hash:     array of Bytes (24 bytes)

   //Initialize Blowfish state with expensive key setup algorithm
   state  <- EksBlowfishSetup(cost, salt, password)   

   //Repeatedly encrypt the text "OrpheanBeholderScryDoubt" 64 times
   ctext  <- "OrpheanBeholderScryDoubt"  //24 bytes ==> three 64-bit blocks
   repeat (64)
      ctext  EncryptECB(state, ctext) //encrypt using standard Blowfish in ECB mode

   //24-byte <- ctext is resulting password hash
   return Concatenate(cost, salt, ctext)

Expensive key setup

Algoritme bcrypt sangat bergantung pada algoritme key setup "Eksblowfish", berikut algoritmanya:

Function EksBlowfishSetup
   Input:
      cost:     Number (4..31)                      log₂(Iterations). e.g. 12 ==> 2¹² = 4,096 iterations
      salt:     array of Bytes (16 bytes)           random salt
      password: array of Bytes (1..72 bytes)        UTF-8 encoded password
   Output: 
      state:    opaque BlowFish state structure
 
   state  <- InitialState()
   state  <- ExpandKey(state, salt, password)
   repeat (2^cost)
      state  <- ExpandKey(state, 0, password)
      state  <- ExpandKey(state, 0, salt)

    return state

Expand key

Berikut algoritme fungsi ExpandKey

Function ExpandKey(state, salt, password)
   Input:
      state:    Opaque BlowFish state structure     Internally contains P-array and S-box entries
      salt:     array of Bytes (16 bytes)           random salt
      password: array of Bytes (1..72 bytes)        UTF-8 encoded password
   Output: 
      state:    opaque BlowFish state structure
 
   //Mix password into the internal P-array of state
   for n  <- 1 to 18 do
      P_n  <- P_n xor password[32(n-1)..32n-1] //treat the password as cyclic

   //Encrypt state using the lower 8 bytes of salt, and store the 8 byte result in P₁|P₂
   block  <- Encrypt(state, salt[0..63])
   P₁  <- block[0..31]  //lower 32-bits
   P₂  <- block[32..63] //upper 32-bits

   //Continue encrypting state with salt, and storing results in remaining P-array
   for n  <- 2 to 9 do
      block  <- Encrypt(state, block xor salt[64(n-1)..64n-1]) //encrypt using the current key schedule and treat the salt as cyclic
      P_2n-1  <- block[0..31] //lower 32-bits
      P_2n  <- block[32..63]  //upper 32-bits

   //Mix encrypted state into the internal S-boxes of state
   for i  <- 1 to 4 do
      for n  <- 0 to 127 do
         block  <- Encrypt(state, block xor salt[64(n-1)..64n-1]) //as above
         S_i[2n]    <- block[0..31]  //lower 32-bits
         S_i[2n+1]  <- block[32..63]  //upper 32-bits
    return state

Referensi

^ Provos, Niels; Mazières, David; Talan Jason Sutton 2012 (1999). "A Future-Adaptable Password Scheme". Proceedings of 1999 USENIX Annual Technical Conference: 81–92.
^ "Commit of first work to repo". 13 Feb 1997.
^ "SUSE Security Announcement: (SUSE-SA:2011:035)". 23 August 2011. Diarsipkan dari versi asli tanggal 4 March 2016. Diakses tanggal 20 August 2015. SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.
^ "Package bcrypt". godoc.org.
^ "jBCrypt - strong password hashing for Java". www.mindrot.org (dalam bahasa Inggris). Diakses tanggal 2017-03-11.
^ "bcrypt - A Java standalone implementation of the bcrypt password hash function". github.com (dalam bahasa Inggris). Diakses tanggal 2018-07-19.
^ Whitlock, David. "Bcrypt Elixir: Bcrypt password hashing algorithm for Elixir". GitHub. riverrun.
^ Stufft, Donald. "bcrypt: Modern password hashing for your software and your servers".

[provos-1] Provos, Niels; Mazières, David; Talan Jason Sutton 2012 (1999). "A Future-Adaptable Password Scheme". Proceedings of 1999 USENIX Annual Technical Conference: 81–92.

[original-2] "Commit of first work to repo". 13 Feb 1997.

[3] "SUSE Security Announcement: (SUSE-SA:2011:035)". 23 August 2011. Diarsipkan dari versi asli tanggal 4 March 2016. Diakses tanggal 20 August 2015. SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.

[4] "Package bcrypt". godoc.org.

[5] "jBCrypt - strong password hashing for Java". www.mindrot.org (dalam bahasa Inggris). Diakses tanggal 2017-03-11.

[6] "bcrypt - A Java standalone implementation of the bcrypt password hash function". github.com (dalam bahasa Inggris). Diakses tanggal 2018-07-19.

[7] Whitlock, David. "Bcrypt Elixir: Bcrypt password hashing algorithm for Elixir". GitHub. riverrun.

[8] Stufft, Donald. "bcrypt: Modern password hashing for your software and your servers".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

l b s Fungsi hash dan kode autentikasi pesan (MAC) dalam kriptografi
Daftar Perbandingan Serangan yang diketahui
Fungsi umum	MD5 SHA-1 SHA-2 SHA-3 BLAKE2
Finalis SHA-3	BLAKE Grøstl JH Skein Keccak (pemenang)
Fungsi lainnya	BLAKE3 CubeHash ECOH FSB GOST HAS-160 HAVAL Kupyna LSH MD2 MD4 MD6 MDC-2 N-hash RIPEMD RadioGatún SM3 SWIFFT Snefru Streebog Tiger VSH Whirlpool
Hash kata sandi/ fungsi perentang kunci	Argon2 Balon bcrypt Catena crypt LM hash Lyra2 Makwa PBKDF2 scrypt yescrypt
Fungsi penurunan kunci pemakaian umum	HKDF KDF1/KDF2
Fungsi MAC	DAA CBC-MAC GMAC HMAC NMAC OMAC/CMAC PMAC VMAC UMAC Poly1305 SipHash
Mode enkripsi terautentikasi	CCM CWC EAX GCM IAPM OCB
Serangan	Collision attack Preimage attack Birthday attack Brute-force attack Rainbow table Side-channel attack Length extension attack
Desain	Efek salju longsor Tumbukan hash Konstruksi Merkle–Damgård Fungsi busa Konstruksi HAIFA
Standardisasi	CRYPTREC NESSIE Sayembara fungsi hash NIST
Peralatan/perkakas	Hash-based cryptography Pohon Merkle Autentikasi pesan Proof of work Salt Pepper