The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It’s a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn’t be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

Today, I’m doing a talk at PHP Benelux 13 on Password Storage and Attacking in PHP. Here are the slides for that talk, as well as the accompanying GitHub repo that I use throughout the talk. When the videos are posted, I’ll make a followup post that links to it. Without rambling on further, click through for the links!

There are numerous articles on the web about how to properly use bcrypt in PHP. So this time, rather than write yet-another-how-to-use-bcrypt article, I’m going to focus on the mistakes that are commonly made when implementing bcrypt. So, let’s dive right in: