[cryptography] Oddity in common bcrypt implementation

Jack Lloyd lloyd at randombit.net
Tue Jun 14 18:50:18 EDT 2011

On Tue, Jun 14, 2011 at 04:52:30PM -0500, Marsh Ray wrote:
> The first 7 chars "$2a$05$" are a configuration string. The subsequent 
> 53 characters (in theory) contains a 128 bit salt and a 192 bit hash 
> value. But 53 is an odd length (literally!) for a base64 string, as 
> base64 uses four characters to encode three bytes.
> I don't see an official reference for the format of bcrypt hashes. 
> There's the Usenix 99 paper, which is a great read in many ways, but 
> it's not a rigorous implementation spec.

I discovered this a while back when I wrote a bcrypt implementation.
Unfortunately the only real specification seems to be 'what the
OpenBSD implementation does'. And the OpenBSD implementation also
does this trunction, which you can see in



        encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
            4 * BCRYPT_BLOCKS - 1);

Niels Provos is probably the only reliable source as to why this
truncation was done though I assume it was some attempt to minimize
padding bits or reduce the hash size.


More information about the cryptography mailing list