This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Using the bcrypt hashing algorithm for Password property types

Updated on September 10, 2021

Bcrypt is an adaptive hashing algorithm that is based on the Blowfish symmetric block cipher. Bcrypt uses a modified key setup algorithm that is deliberately slow to compute. This key strengthening makes a password more secure against brute-force attacks, because an attacker must spend a substantial amount of time testing each possible key.

Beginning with version 7.2.2, the Pega 7 Platform uses salted bcrypt as the default hashing algorithm for Password property types.

Changing the encryption algorithm

For on-premises deployments, to be certain that the salted bcrypt algorithm is used, remove all cryptographic-related configuration settings from the prconfig.xml file:

  • crypto/v5oneway
  • crypto/v5onewahsha1
  • crypto/v5portable
  • crypto/onewayhashalgorithm
  • crypto/updatehash

Convert preexisting password hashes to use the new algorithm by editing or creating the following Dynamic System Settings in Designer Studio.

| Dynamic System Setting | Owning ruleset | Setting purpose | Value |
|---|---|---|---|
| one way hash algorithm | Pega-Engine | prconfig/crypto/onewayhashalgorithm | bcrypt |
| update hash | Pega-Engine | prconfig/crypto/updatehash | true |

For more information about configuring Dynamic System Settings, see Adding a Dynamic System Settings.
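To verify the prconfig.xml step above on an on-premises node, the following added example (not Pega's own code) parses the file and reports any of the five listed settings that are still present. It assumes entries have the form `<env name="..." value="..."/>` and that names can be compared case-insensitively; the function name `audit_prconfig` and the sample file content are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Settings the page says to remove from prconfig.xml (names copied verbatim).
LISTED = {
    "crypto/v5oneway",
    "crypto/v5onewahsha1",
    "crypto/v5portable",
    "crypto/onewayhashalgorithm",
    "crypto/updatehash",
}

def audit_prconfig(xml_text):
    """Return (listed, other) crypto settings found in prconfig.xml text.

    Assumption: entries look like <env name="..." value="..."/>. Names are
    lower-cased before comparison (also an assumption) so that mixed-case
    entries are not missed.
    """
    root = ET.fromstring(xml_text)
    listed, other = [], []
    for env in root.iter("env"):
        name = (env.get("name") or "").strip()
        key = name.lower()
        if key in LISTED:
            listed.append((name, env.get("value")))
        elif key.startswith("crypto/"):
            # Not in the page's list, but still crypto-related: flag for review.
            other.append((name, env.get("value")))
    return listed, other

# Constructed sample, not taken from a real deployment.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<pegarules>
  <env name="example/unrelated" value="constructed"/>
  <env name="crypto/onewayhashalgorithm" value="constructed-legacy-value"/>
  <env name="Crypto/UpdateHash" value="false"/>
  <!-- <env name="crypto/v5portable" value="true"/> commented out, ignored -->
</pegarules>
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    listed, other = audit_prconfig(text)
    for name, value in listed:
        print(f"REMOVE  {name} = {value!r}")
    for name, value in other:
        print(f"REVIEW  {name} = {value!r}")
    sys.exit(1 if listed or other else 0)
```

The script exits non-zero when any crypto setting remains, so it can gate a deployment check; pass the path to prconfig.xml as the first argument.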
