Passwords hashing
The crypt
function to hash (originally encrypt) password dates back to the
70s, and used some rotor-based encryption, à la Enigma. Wikipedia has a nice
article
about its complete history.
In February 1997, Niels Provos switched
OpenBSD’s crypt
from
DES to a
BLOWFISH based hashing
system that he
invented with
David Mazieres, called bcrypt
. It landed
in OpenBSD 2.1. Its main innovation
was the introduction of a cost
factor,
allowing it to be kept relevant for years to come.
In 2007, Linux switched from MD5 to SHA-512, thanks to Ulrich Drepper, and is still using it as default hashing scheme as of 2019.
bcrypt
is now widely used to hash passwords,
and is supported by every major unix-like (FreeBSD, NetBSD, Linux, Solaris, …),
is implemented in various languages, … and had broad
influence
on how the world is storing passwords.
Nowadays, bcrypt is a starting to become a thing from the past, as passwords should be hashed via algorithms providing proper memory-hardness like Argon2 (2015), yescrypt (2012) and scrypt (2009).
As Provos said in 2023:
A crucial aspect of bcrypt’s resistance to GPU optimization lies in its memory access pattern spanning 4KB during the key setup phase, which is inefficient to parallelize on GPUs with small L1 caches (Malvoni et al., 2014). That said, NVidia increased the L1 cache significantly to 16MB for the RTX 4090 and bcrypt’s 4KB is a tiny amount of memory these days.