When data breaches went from being an occasional threat to a persistent fact of life during the early 2010s, one question would come up again and again as victim organizations, cybersecurity researchers, law enforcement, and regular people assessed the fallout from each incident: Which password hashing algorithm had the target used to protect its users' passwords?
If the answer was a faulty cryptographic function like SHA-1 or PBKDF2—not to mention the nightmare of passwords stored in plaintext with no encryption scrambling at all—the victim had more to worry about because it meant that it would be easier for whoever stole the data to crack the passwords, directly access users' accounts, and try those passwords elsewhere in case people had reused them. If the answer was the algorithm known as bcrypt, though, there was at least one less thing to panic about.
Bcrypt turns 25 this year, and Niels Provos, one of its co-inventors, says that looking back, the algorithm has always had good energy thanks to its open source availability and the technical characteristics that have fueled its longevity. Provos spoke to WIRED about a retrospective on the algorithm that he published this week in Usenix ;login:. As with so many digital workhorses, though, there are now more robust and secure alternatives to bcrypt, including the hashing algorithms known as scrypt and Argon2. And Provos himself says that the quarter-century milestone is plenty for bcrypt and that he hopes it will lose popularity before celebrating another major birthday.
A version of bcrypt first shipped with the open source operating system OpenBSD 2.1 in June 1997. At the time, the United States still imposed stringent export limits on cryptography. But Provos, who grew up in Germany, worked on its development while he was still living and studying there.
“One thing I found so surprising was how popular it became,” he says. “I think i...