Are Your Passwords in the Green?

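Hive Systems has released its 2025 password cracking difficulty table. It analyzes how quickly passwords can be cracked using 12 of the latest RTX 5090 GPUs against bcrypt hashes (work factor 10), a realistic assessment that reflects real-world hacking conditions and password hash settings. The table has been updated every year since 2020 to reflect changes in GPU performance and hash algorithms, and it backs up with data that bcrypt is currently the most widely used hashing method. AI developers can use it as a reference for understanding how GPU performance and hash algorithm settings affect password security.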

https://www.hivesystems.com/blog/are-your-passwords-in-the-green

#passwordsecurity #bcrypt #gpu #hashing #cybersecurity

The 2025 Hive Systems Password Table Is Here - Passwords Are Easier to Crack Than Ever

Passwords that felt secure a year ago might not hold up in 2025. Hive Systems’ updated Password Table reveals just how much faster hackers can break into accounts today. See the latest cracking times and find out if your passwords are still safe while downloading your copy.

Hive Systems

Part 6 of the series on a User Management System with JavaFX & MySQL focuses on secure password hashing with BCrypt (replacing plain-text storage). A practical guide for students, graduation projects, and people learning Java desktop applications. #JavaFX #BCrypt #PasswordSecurity #JavaProgramming #HệThốngQuảnLýNgườiDùng #MậtKhẩuAnToàn

https://www.reddit.com/r/programming/comments/1q0x8vp/javafx_user_management_system_bcrypt_password/

JavaFX & MySQL: User Management System - BCrypt Password Encryption (Part 6) 🖥️
A complete User Management System in JavaFX & MySQL. A guide to encrypting passwords securely with BCrypt instead of storing them as plain text.
Great for students, final projects, or anyone learning JavaFX programming. Part 6: https://youtu.be/LDD1Kan7tOI
#JavaFX #MySQL #BCrypt #QuanLyNguoiDung #LapTrinhJava
Feedback and suggestions are welcome! Thank you!

Part 6 | User Management System in JavaFX & MySQL | BCrypt Password Hashing & Secure Storage

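YouTube

🌘 Why might bcrypt be unsafe for password hashing?
➤ bcrypt's 72-byte password limit: an overlooked security flaw
https://blog.enamya.me/posts/bcrypt-limitation
Because the bcrypt algorithm is based on the Blowfish cipher, it processes only the first 72 bytes of a password, so passwords longer than that are truncated, which creates potential security risks. The article demonstrates the problem with a Python example and proposes alternatives such as using Argon2 or hashing with SHA-256/SHA-512 first and then applying bcrypt, and also mentions that Python version 3.0.0 has started raising an error for long passwords.
+ This article is very enlightening! I always thought bcrypt was the safest choice and didn't expect it to have a limitation like this; luckily I found out early. Thanks to the author for sharing.
+ Thanks for providing alternatives; Argon2 sounds like a good choice. But for systems already using bcrypt, are there any good migration recommendations?
#密碼學 #bcrypt #安全性 #密碼雜湊
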
Why bcrypt Can Be Unsafe for Password Hashing?

TL;DR: bcrypt ignores any bytes after the first 72 bytes; this is due to bcrypt being based on the Blowfish cipher, which has this limitation. bcrypt has been a commonly used password hashing algorithm for decades; it’s slow by design, includes built-in salting, and has protected countless systems from brute-force attacks. But despite its solid reputation, it also has a few hidden limitations worth knowing about. Let’s take a look at this code:

enamya blog

Since WordPress v6.8, the default hash func produces a custom bcrypt hash: $wp$2y$10$...

More info on this custom algo, how it uses hmac-sha384, and how to crack them with hashcat.

https://forum.hashpwn.net/post/4205

#wordpress #bcrypt #wpbcrypt #hashcracking #hashpwn #hashgen #hashcat

WordPress v6.8 Bcrypt - hmac-sha384

As announced on February 17, 2025, WordPress is switching their hash function to their own rolled version of bcrypt: bcrypt(base64(hmac-sha384(key="wp-sha384...

hashpwn

Today I learned about the #bcrypt hashing algorithm, based on the #Blowfish block cipher, while going over an article by @andrea_navarro on #Flask extensions... particularly on the security extensions.

And I just discovered that it is one of the algorithms supported for creating passwords on GNU/Linux :D

Some experiments will be in order.

#gnu #linux #cryptography #criptografía #ciberseguridad #infosec #encrypt #hash #python #flask

#4 👥 Leverage built-in authentication with #Breeze, #Fortify or #Jetstream
🗝️ Store passwords securely using #Bcrypt or #Argon2 hashing algorithms
🔑 Secure environment variables and force #HTTPS in production environments

@thinkberg this page is gold. Pity that the #bcrypt one doesn't have a reference

Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub

Introduction  As the digital landscape continues to evolve, the emergence of quantum computing presents both significant opportunities and challenges....

TECHCOMMUNITY.MICROSOFT.COM

@jadi This "#OpenBSD is secure!" claim always annoyed me a lot, mainly because it doesn't tell anything: #Security in IT can only ever be defined in a context of #threat models. Without that, it's meaningless. Somewhat recently, I discovered this:

https://isopenbsdsecu.re/

I should warn it uses some sarcasm and other confrontative language in some parts, unfortunately. But it seems to be a pretty professional analysis and assessment of (mostly) the "mitigations" OpenBSD provides in an attempt to counter "typical" attacks by at least making them harder.

I should also add that I consider this a very interesting and helpful read, and still consider OpenBSD a great project that came up with lots of great stuff (I recently used their #bcrypt code after doing some research on password hashing, for example). And I don't agree with every single criticism on that page either. I just think it's important to build assessments whether something "is secure" on a serious analytical foundation.

Is OpenBSD secure?