Hacker News new | past | comments | ask | show | jobs | submit login

Password lengths are variable. With passwords longer than 72 ASCII characters, you will lose entropy after that.

Let A be a 72 character long string, and B be A + X. Regardless of what X is, when bcrypted the result for A and B will be the same.




A random X does not reduce the entropy of bcrypt(B), just fails to add any additional entropy beyond bcrypt(A)'s.

Assuming C, where len(C) < 72, I don't know if it is possible at all to chose some value of Y such that:

D:= C+Y

Entropy(bcrypt(D))< Entropy(bcrypt(C))


"Lose" meaning it is thrown away. Not "lose" meaning it subtracts.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: