david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. I'm also the author of the Real World Cryptography book. This is my blog about cryptography and security and other related topics that I find interesting.

How facebook hash its passwords posted January 2015

$cur  = 'plaintext'
$cur  = md5($cur)
$salt = randbytes(20)
$cur  = hmac_sha1($cur, $salt)
$cur  = cryptoservice::hmac($cur)
        [= hmac_sha256($cur, $secret)]
$cur  = scrypt($cur, $salt)
$cur  = hmac_sha256($cur, $salt)

the explanation is here

tl;dr: the md5 is here for legacy purpose, cryptoservice::hmac is to add a secret salt, scrypt (which is a kdf not a hash) is for slowing brute force attempts and the sha256 is here for shortening the output.

Well done! You've reached the end of my post. Now you can leave me a comment :)