Key Stretching Algorithms
Key stretching is where you append a random set of characters to a password to increase the size of the password and its hash, ensuring that a brute-force attack needs more compute time to crack the password.
- BCRYPT: BCRYPT is a password-hashing algorithm based on the Blowfish cipher. It is used to salt the passwords. A random string is appended to the password to increase the password length to help increase the compute time for a brute-force attack.
- PBKDF2: PBKDF2 stores passwords with a random salt and with the password hash using HMAC. It then iterates, which forces the regeneration of every password and prevents any rainbow table attack. A rainbow table is a list of passwords and their corresponding hash.
Tip
Symmetric encryption is used to encrypt large amounts of data as they have small, fast keys and use block ciphers.