Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 28 Jan 2021 19:18:46 +0000
From: Steve Ramage <>
To: <>
Subject: Bcrypt workfactor issue (possibly a bug)


I noticed some odd behavior in PHP where the manual page for crypt states that BCRYPT can support a password cost in the range of 04-31 ( While performing some benchmarks of times, I noticed that afte 19 it stopped working. 

Some further investigation found that this issue only affects PHP on alpine, using other images based on debian don't have this issue.

I noticed looking at the code (, that it seems as though if the cost function is greater than 19, we just return null (line 624 and 625). I can't find anything authoritative but Wikipedia and StackOverflow suggest that most implementations support up to 31.  I thought I would report the issue here first to see if a patch would be forth coming, and if not maybe file a bug either with alpine or php or something.

I created a small test case down below (although the last time I did any C was in uni a decade ago, so this might be way off base), that seems on Arch Linux to produce the same behavior, if you change the cost to 19 it works:

cat ./hello.c 
#include <stdio.h>
#include <crypt.h>

int main(int argc, char **argv) 
        printf("%s \n", crypt("hello", "$2a$20$usesomesillystringforsalt$"));
$ musl-gcc -static -Os hello.c  && time ./a.out 

real    0m0.001s
user    0m0.000s
sys     0m0.000s

$ gcc -lcrypt hello.c && time ./a.out 

real    0m59.021s
user    0m58.413s
sys     0m0.178s


Steve Ramage

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.