Mastodawn

Безопасное хранение паролей: соли, перцы и выбор алгоритма

Выбираете алгоритм хеширования паролей — берёте bcrypt, потому что все берут bcrypt, ставите rounds=10, потому что так в туториале, и идёте дальше. Разбираем, почему это может быть ошибкой, чем отличаются Argon2, scrypt и PBKDF2, и как правильно настроить каждый из них.

https://habr.com/ru/articles/1051800/

#хеширование_паролей #bcrypt #argon2 #криптография #информационная_безопасность #аутентификация #rainbow_tables #соль #PBKDF2 #scrypt

Безопасное хранение паролей: соли, перцы и выбор алгоритма

Если база данных утечёт, именно от алгоритма хеширования паролей будет зависеть, получит ли атакующий рабочие учётные данные за несколько часов или не получит ничего полезного...

Хабр

CyberVeille.ch May 21

📢 Fuite de données sur le serveur privé Dragonica Lunaris : 126 000 comptes exposés
📝 ## 🔍 Contexte

Source : Have I Been Pwned (haveibeenpwned.com), publié le 21 mai 2026.
📖 cyberveille : https://cyberveille.ch/posts/2026-05-21-fuite-de-donnees-sur-le-serveur-prive-dragonica-lunaris-126-000-comptes-exposes/
🌐 source : https://haveibeenpwned.com/Breach/Dragonica
#TTP #bcrypt #Cyberveille

Fuite de données sur le serveur privé Dragonica Lunaris : 126 000 comptes exposés

🔍 Contexte Source : Have I Been Pwned (haveibeenpwned.com), publié le 21 mai 2026. L’incident concerne Dragonica Lunaris, un serveur privé européen du jeu en ligne Dragonica. 📋 Détails de l’incident En décembre 2025, Dragonica Lunaris a été victime d’une violation de données. L’incident a conduit à l’exposition des informations personnelles de 126 000 utilisateurs. Les données compromises incluent : Adresses e-mail Noms d’utilisateur Dates de naissance Hachages de mots de passe bcrypt ✅ Réponse de l’opérateur L’opérateur du service a confirmé la violation et indiqué que la faille a depuis été corrigée.

CyberVeille

Reddit Tech VN Bot Jan 1

Phần 6 loạt bài về Hệ thống Quản lý Người dùng bằng JavaFX & MySQL tập trung vào băm mật khẩu an toàn với BCrypt (thay thế lưu trữ dạng văn bản thường). Hướng dẫn thiết thực cho sinh viên, đồ án tốt nghiệp và người học ứng dụng desktop Java. #JavaFX #BCrypt #PasswordSecurity #JavaProgramming #HệThốngQuảnLýNgườiDùng #MậtKhẩuAnToàn

https://www.reddit.com/r/programming/comments/1q0x8vp/javafx_user_management_system_bcrypt_password/

Reddit Tech VN Bot Jan 1

JavaFX & MySQL: Hệ thống Quản lý Người dùng - Mã hóa Mật khẩu BCrypt (Phần 6) 🖥️
Hệ thống Quản lý Người dùng hoàn chỉnh trong JavaFX & MySQL. Hướng dẫn mã hóa mật khẩu an toàn bằng BCrypt thay vì lưu trữ văn bản thông thường.
Tuyệt vời cho sinh viên, dự án cuối kỳ hoặc ai học lập trình JavaFX. Phần 6: https://youtu.be/LDD1Kan7tOI
#JavaFX #MySQL #BCrypt #QuanLyNguoiDung #LapTrinhJava
Phản hồi và góp ý được hoan nghênh! Cảm ơn!

https://www.reddit.com/r/programming/comments/1q0x8vp/javafx_user_ma

Part 6 | User Management System in JavaFX & MySQL | BCrypt Password Hashing & Secure Storage

YouTube

GripNews Nov 16, 2025

🌘 bcrypt 可能不安全的密碼雜湊原因？
➤ bcrypt 的 72 位元組密碼限制：一個被忽略的安全漏洞
✤ https://blog.enamya.me/posts/bcrypt-limitation
bcrypt 演算法因基於 Blowfish 密碼，僅處理前 72 位元組的密碼，導致長於此長度的密碼會被截斷，進而引發潛在安全風險。本文透過 Python 範例展示此問題，並提出使用 Argon2 或先以 SHA-256/SHA-512 雜湊再進行 bcrypt 處理等替代方案，同時提及 Python 3.0.0 版本已開始針對長密碼拋出錯誤。
+ 這篇文章非常有啟發性！我一直以為 bcrypt 是最安全的選擇，沒想到還有這樣的限制，幸好及早發現。謝謝作者的分享。
+ 感謝提供替代方案，Argon2 聽起來是個不錯的選擇。不過，對於已經使用 bcrypt 的系統，有沒有什麼比較好的遷移建議？
#密碼學 #bcrypt #安全性 #密碼雜湊

Why bcrypt Can Be Unsafe for Password Hashing ?

TL;DR: bcrypt ignores any bytes after the first 72 bytes, this is due to bcrypt being based on the Blowfish cipher which has this limitation. bcrypt has been a commonly used password hashing algorithm for decades, it’s slow by design, includes built-in salting, and has protected countless systems from brute-force attacks. But despite its solid reputation, it also has a few hidden limitations worth knowing about. Let’s take a look at this code:

enamya blog

Cyclone Sep 29, 2025

Since Wordpress v6.8, the default hash func produces a custom bcrypt hash: $wp$2y$10$...

More info on this custom algo, how it uses hmac-sha384, and how to crack them with hashcat.

https://forum.hashpwn.net/post/4205

#wordpress #bcrypt #wpbcrypt #hashcracking #hashpwn #hashgen #hashcat

Wordpress v6.8 Bcrypt - hmac-sha384

As announced on February 17, 2025, Wordpress is switching their hash function to their own rolled version of bcrypt: bcrypt(base64(hmac-sha384(key="wp-sha384...

hashpwn

Diego Córdoba 🇦🇷Jul 9, 2025

Hoy aprendí sobre el algoritmo de hash #bcrypt, basado en el cifrador de bloques #Blowfish, revisando un artículo de @andrea_navarro sobre extensiones de #Flask... particularmente sobre las extensiones de seguridad.

Y acabo de descubrir que es uno de los algoritmos soportados para la creación de passwords en GNU/Linux :D

Habrá que hacer algunos experimentos.

#gnu #linux #cryptography #criptografía #ciberseguridad #infosec #encrypt #hash #python #flask

Show thread

michabbb May 29, 2025

#4 👥 Leverage built-in authentication with #Breeze, #Fortify or #Jetstream
🗝️ Store passwords securely using #Bcrypt or #Argon2 hashing algorithms
🔑 Secure environment variables and force #HTTPS in production environments

Show thread

Uckermark MacGyver

May 23, 2025

@thinkberg this page is gold. Pitty that the #bcrypt one doesn't have a reference

Alvin Ashcraft 🐿️May 20, 2025

Post-Quantum Cryptography Comes to Windows Insiders and Linux.

https://techcommunity.microsoft.com/blog/microsoft-security-blog/post-quantum-cryptography-comes-to-windows-insiders-and-linux/4413803

#win32 #windows #ncrypt #bcrypt #cryptography #encryption #linux

Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub

Introduction As the digital landscape continues to evolve, the emergence of quantum computing presents both significant opportunities and challenges....

TECHCOMMUNITY.MICROSOFT.COM