Analysis Performance BCRYPT Algorithm to Improve Password Security from Brute Force

Abstract

The Bcrypt algorithm is a hashing function created from the Blowfish Algorithm by two computer security researchers, Niels Provos and David Mazieres. This hashing function has several advantages, using the original random salt (the salt is the order in which it is added to the password to make it harder to bruteforce). Random salts also prevent lookup table creation. On this basis, the authors try to do a Brute Force experiment on plaintext that has been encrypted by the Bcrypt Algorithm based on 3 characters, namely alphabetic characters, numeric characters and mixed characters to see the security results of the Bcrypt Algorithm. From the results of tests conducted, the alphabetic character with a total of 4 characters can be returned to the original plaintext within 4 days while if the number of 5 characters cannot be found the original plaintext. Then the numeric characters with a total of 7 characters can be found in the original plaintext within 10 hours. Meanwhile, for mixed characters with a total of 7 characters, the original plaintext cannot be found within 5 days. The results of this study indicate that the security performance of the Bcrypt Algorithm is very good in warding off Brute Force attacks for mixed characters while the numeric and alphabetic characters are not good enough.