crypt function to hash (originally encrypt) password dates back to the
70s, and used some rotor-based encryption, à la Enigma. Wikipedia has a nice
about its complete history.
In February 1997, Niels Provos switched
DES to a
BLOWFISH based hashing
system that he
David Mazieres, called
bcrypt. It landed
in OpenBSD 2.1. Its main innovation
was the introduction of a cost
allowing it to be kept relevant for years to come.
In 2007, Linux switched from MD5 to SHA-512, thanks to Ulrich Drepper, and is still using it as default hashing scheme as of 2019.
bcrypt is now widely used to hash passwords,
and is supported by every major unix-like (FreeBSD, NetBSD, Linux, Solaris, …),
is implemented in various languages, … and had broad
on how the world is storing passwords.
As Provos said in 2023:
A crucial aspect of bcrypt’s resistance to GPU optimization lies in its memory access pattern spanning 4KB during the key setup phase, which is inefficient to parallelize on GPUs with small L1 caches (Malvoni et al., 2014). That said, NVidia increased the L1 cache significantly to 16MB for the RTX 4090 and bcrypt’s 4KB is a tiny amount of memory these days.