What is the maximum character limit that this bcrypt library can handle?

Question

What is the maximum character limit that this bcrypt library can handle?

penguinawesome opened this issue 4 years ago · comments

What is the maximum character limit that this bcrypt library can handle? I saw on others that it can handle up to 72 characters, or 55 characters, I am not sure with this library. I would like to know what is the maximum characters.

Chris McKee · Answer 1 · Wed Jan 27 2021 23:24:18 GMT+0800 (China Standard Time)

In the case of the library 72
https://github.com/BcryptNet/bcrypt.net/blob/main/src/BCrypt.Net.UnitTests/BCryptTests.cs#L105-L112

But you can retain entropy above this with the 'enhanced hashing' functionality.

Awesome · Answer 2 · Thu Jan 28 2021 01:16:51 GMT+0800 (China Standard Time)

@ChrisMcKee if we're gonna use the enhanced hashing, what would be the new max characters limit?

Chris McKee · Answer 3 · Thu Jan 28 2021 01:48:20 GMT+0800 (China Standard Time)

Heat death of the universe or the maximum achievable entropy of SHA384 whichever comes first

Chris McKee · Answer 4 · Thu Jan 28 2021 01:49:41 GMT+0800 (China Standard Time)

The enhanced hashing basically pre-hashes the key in order to avoid loss of entropy over the 72 character limit.
Its a common implementation (rather than one pulled out of my ... head) 😄

Awesome · Answer 5 · Fri Jan 29 2021 18:18:19 GMT+0800 (China Standard Time)

Thanks @ChrisMcKee :D this library is awesome! We will try to use this.