Please read the updates too since my "actual confusion" is in there.
It has been quite some time since Joomla! started supporting the bcrypt hashing algorithm alongside the md5 + salt that has been the de facto standard since Joomla! 1.5.
Now my question is: "As an end user, what benefits do I get if I start using Bcrypt right away, in comparison to the current algorithm, viz. MD5 + salt? Does it even make any difference for a normal blog with a few hundred visitors daily?"
Update:
Also, I read somewhere that due to the speed of md5 hashing, my password could be easily calculated in a matter of days/months at most.
But does this not require my hash to already be present with the attacker to compare to? And if he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use affect my site's security? And eventually he ends up having to brute force my login page anyway?
And if it's down to brute forcing their way through, then isn't Bcrypt equally vulnerable to password guessing?
The largest benefit of bcrypt is that, over time, the iteration count can be increased to make it slower, allowing bcrypt to scale with computing power. We can diminish any benefits attackers may get from faster hardware by increasing the number of iterations to make bcrypt slower.
A lot of your research is correct and still applies in 2021, so it is still secure to use BCrypt (which usually generates its own random salt for each password). Good password hashing algorithms are Argon2, SCrypt and BCrypt; they all offer a cost factor which controls the necessary time.
Although originally designed as a cryptographic message authentication code algorithm for use on the internet, MD5 hashing is no longer considered reliable for use as a cryptographic checksum because security experts have demonstrated techniques capable of easily producing MD5 collisions on commercial off-the-shelf ...
From what I understand, Bcrypt is safer. It's made to be slower, which makes it harder for an attacker to brute-force a password. It can be configured to iterate more and more, which is useful since CPUs are getting more powerful.
That's the point of having configurable slowness: you can make the function as slow as you wish. Or, more accurately, as slow as you can tolerate: indeed, a slow function is slow for everybody, attacker and defender alike.
These links might be of some help:
https://security.stackexchange.com/questions/61385/the-brute-force-resistence-of-bcrypt-versus-md5-for-password-hashing
https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored
What's the difference between bcrypt and hashing multiple times?
https://www.quora.com/What-is-the-difference-between-bcrypt-and-general-hashing-functions-like-MD5
https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415
But does this not require my hash to already be present with the attacker to compare to? And if he/she doesn't have the hash in the first place, then how does the hashing algorithm that I use affect my site's security? And eventually he ends up having to brute force my login page anyway?
First, no. Many sites allow login attempts without a rate limit. With MD5, assuming the servers can handle it, a user could very rapidly attempt to brute-force passwords just by trying lots of passwords in quick succession. bcrypt's slowness guarantees that such an attempt will be much slower.
Second, a key security concept in computing is defense in depth. You don't want just one level of security - it's fairly easy to accidentally write a SQL injection vulnerability that might let an attacker dump password hashes. By using bcrypt, you limit the damage such a vulnerability can cause.
Besides a "salt", BCrypt accepts a "cost" argument - which is its main feature. Cost is the amount of computational work you want to apply to the hashing. Think of it as re-hashing the result 2^n times, where n is the cost.
The hashed string will be something like cost;hashed_string (ex. 20;5D4140). This, of course, is not the real format, but an oversimplification to show the idea.
This "cost" concept makes BCrypt "obsolescence resistant". If in 10 years the computational power increases 1,000 times you just need to re-hash your hashes with a higher "n" (no need to have the original value to increase cost).
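To make the per-guess cost difference from the answers above concrete, here is an added PHP example (not code from the thread or from Joomla!) that times one verification of a Joomla 1.5-style md5+salt hash against bcrypt at two cost factors, and shows the usual way a site raises the cost of an old bcrypt hash: on the user's next successful login, when the server has the plaintext in hand. The legacy layout "md5(password . salt):salt", the sample password and the cost values are assumptions for illustration.

```php
<?php
// Added example, not from the original thread or from Joomla!.
// Assumed legacy layout: md5(password . salt) . ':' . salt.

const TARGET_COST = 12; // bcrypt work factor every stored hash should reach (assumed)

function legacyHash(string $password, string $salt): string {
    return md5($password . $salt) . ':' . $salt;
}

function legacyVerify(string $password, string $stored): bool {
    [$digest, $salt] = explode(':', $stored, 2);
    return hash_equals($digest, md5($password . $salt)); // constant-time compare
}

// Wall-clock time of one callable, in milliseconds.
function timeMs(callable $fn): float {
    $t0 = hrtime(true);
    $fn();
    return (hrtime(true) - $t0) / 1e6;
}

// What a login handler does: verify, then upgrade a weak-cost hash while the
// plaintext is available. Returns [login succeeded, hash to store].
function loginAndUpgrade(string $password, string $stored): array {
    if (!password_verify($password, $stored)) {
        return [false, $stored];            // wrong guess: nothing changes
    }
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => TARGET_COST])) {
        $stored = password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_COST]);
    }
    return [true, $stored];
}

$password = 'correct horse battery staple';                         // constructed sample
$legacy   = legacyHash($password, bin2hex(random_bytes(16)));
$oldHash  = password_hash($password, PASSWORD_BCRYPT, ['cost' => 8]); // hash from years ago
$newHash  = password_hash($password, PASSWORD_BCRYPT, ['cost' => TARGET_COST]);

// One guess against each scheme: bcrypt's slowness is what a brute-forcer pays per attempt.
printf("md5+salt verify : %.3f ms\n", timeMs(fn() => legacyVerify($password, $legacy)));
printf("bcrypt cost 8   : %.3f ms\n", timeMs(fn() => password_verify($password, $oldHash)));
printf("bcrypt cost %d  : %.3f ms\n", TARGET_COST, timeMs(fn() => password_verify($password, $newHash)));

// Cost upgrade happens only on a correct login; a wrong guess leaves the old hash untouched.
[$ok, $upgraded] = loginAndUpgrade($password, $oldHash);
printf("login ok: %s, stored cost now %d\n", $ok ? 'yes' : 'no', password_get_info($upgraded)['options']['cost']);
[$ok, $unchanged] = loginAndUpgrade('wrong guess', $oldHash);
printf("bad login ok: %s, hash unchanged: %s\n", $ok ? 'yes' : 'no', $unchanged === $oldHash ? 'yes' : 'no');
```

Each bcrypt cost step doubles the time of one verification, so the cost 12 line should take roughly 16 times as long as the cost 8 line on the same machine.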