[Cryptography] encrypting bcrypt hashes

Robin Wood robin at digininja.org
Wed Mar 8 05:45:41 EST 2017


Hi,
I've been asked by a client to give some advice on hashing, and as it isn't
my area, I'm looking for someone who knows what they are talking about.

The client is hashing 4-6 digit PINs (mostly 4-digit) with bcrypt. They
have the work factor set as high as the business will allow them, but they
are worried that due to the small key space it will still be possible to
reverse individual PINs. They are now thinking of encrypting the hashes
before storing them to add an extra layer of protection. The encryption is
fast enough to not affect login times, so my suggestion of using the
additional processing to increase the work factor instead was rejected.

What do people think? I can't see it hurting, and adding the additional
hurdle probably won't hurt, but I've heard of odd interactions between
different algorithms, so I don't want to say to do it without someone who
knows their stuff looking at it.

Robin