Bcrypt is an adaptive password hashing function derived from the Blowfish symmetric block cipher. It replaces Blowfish's key setup with a deliberately expensive key schedule that is parameterised by a cost factor: the key expansion runs 2^cost rounds, so raising the cost by one doubles the work of computing a hash. Each hash also carries its own random salt. This key stretching makes brute-force and dictionary attacks more expensive, because an attacker must pay the same per-guess cost for every candidate password, and the per-hash salt prevents the attacker from precomputing a single table and reusing it against every stored hash.
Beginning with version 7.2.2, the Pega 7 Platform uses salted bcrypt as the default hashing algorithm for Password property types.
Changing the hashing algorithm
For on-premises deployments, to be certain that the salted bcrypt algorithm is used, remove all cryptographic-related configuration settings from the file, so that no file-level setting overrides the platform default.
Convert preexisting password hashes to use the new algorithm by editing or creating the following Dynamic System Setting in Designer Studio. Note that a one-way hash cannot be recomputed without the plaintext password, so the setting cannot rewrite a stored hash in place; an existing hash can only be replaced with a bcrypt hash at a point where the user supplies the password again.
| Dynamic System Setting | Owning ruleset | Setting purpose | Value |
| --- | --- | --- | --- |
| one way hash algorithm | Pega-Engine | prconfig/crypto/onewayhashalgorithm | bcrypt |
For more information about configuring Dynamic System Settings, see Adding a Dynamic System Setting.
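After making the change above, a practitioner will want to confirm that stored hashes actually are salted bcrypt and that their cost factor is acceptable. The following is an added example, not Pega's own code or anything from this page: a small stdlib-only Python checker that parses the standard bcrypt modular-crypt string (`$2a$`/`$2b$`/`$2y$`, two-digit cost, 22-character salt, 31-character digest, 60 characters in total) and classifies each value. It assumes that the stored value is a plain bcrypt string of that shape (this page does not show Pega's storage format), and the `min_cost` threshold, the function names and the sample records are hypothetical and constructed for illustration.

```python
"""Inspect stored password hashes and report whether they are salted bcrypt."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# bcrypt uses its own base64 alphabet, "./A-Za-z0-9", not the RFC 4648 one.
_B64 = r"[./A-Za-z0-9]"
# Modular-crypt layout: $<version>$<cost>$<22-char salt><31-char digest>, 60 chars in all.
_BCRYPT_RE = re.compile(
    r"^\$(?P<version>2[abxy]?)\$(?P<cost>\d{2})\$"
    rf"(?P<salt>{_B64}{{22}})(?P<digest>{_B64}{{31}})$"
)


@dataclass(frozen=True)
class BcryptInfo:
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def rounds(self) -> int:
        # bcrypt's expensive key schedule runs 2**cost rounds; cost+1 doubles the work.
        return 1 << self.cost


def parse_bcrypt(stored: str) -> Optional[BcryptInfo]:
    """Return the parsed fields if `stored` is a well-formed bcrypt string, else None."""
    m = _BCRYPT_RE.match(stored)
    if m is None:
        return None
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:  # the cost range bcrypt implementations accept
        return None
    return BcryptInfo(m.group("version"), cost, m.group("salt"), m.group("digest"))


def assess(stored: str, min_cost: int = 10) -> str:
    """Classify one stored hash. `min_cost` is a hypothetical local policy threshold."""
    info = parse_bcrypt(stored)
    if info is None:
        return "not-bcrypt"  # legacy/unsalted digest or some other format entirely
    if info.cost < min_cost:
        return f"bcrypt-weak-cost-{info.cost}"
    return f"bcrypt-ok-cost-{info.cost}"


def assess_all(hashes: Dict[str, str], min_cost: int = 10) -> Dict[str, str]:
    """Run assess() over a mapping of operator id -> stored hash (hypothetical input shape)."""
    return {op: assess(h, min_cost) for op, h in hashes.items()}


# Constructed sample data; these are not real Pega operator records.
SAMPLE_HASHES = {
    # A syntactically valid bcrypt string taken from public bcrypt test vectors (cost 6).
    "op1": "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s.",
    # A bcrypt string with a healthier cost; salt and digest are placeholder characters.
    "op2": "$2b$12$" + "a" * 22 + "b" * 31,
    # An unsalted SHA-256 hex digest: the kind of legacy value the DSS change is meant to retire.
    "op3": hashlib.sha256(b"password").hexdigest(),
}

if __name__ == "__main__":
    for op, verdict in assess_all(SAMPLE_HASHES).items():
        print(f"{op}: {verdict}")
```

A value that is not a bcrypt string, or that carries a cost below the chosen threshold, is flagged rather than silently accepted; the cost-to-rounds property makes the "one step of cost doubles the work" point from the description above concrete when comparing two records.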