Bcrypt hashing algorithm for Password property types


To provide extra protection against brute-force attacks, Pega Platform uses salted bcrypt as the default hashing algorithm for Password property types. Bcrypt uses a modified key setup algorithm that is deliberately slow to compute. This key strengthening makes a password more secure against brute-force attacks, because potential attackers must spend a substantial amount of time testing every possible key.

Bcrypt is an adaptive hashing algorithm based on the Blowfish symmetric block cipher.

Changing the encryption algorithm

For on-premises deployments, ensure that you are using the salted bcrypt algorithm by removing all cryptographic‑related configuration settings from the prconfig.xml file:

  • crypto/v5oneway
  • crypto/v5onewahsha1
  • crypto/v5portable
  • crypto/onewayhashalgorithm
  • crypto/updatehash

Convert preexisting password hashes to use the new algorithm by editing or creating the following Dynamic System Settings in Dev Studio:

| Dynamic System Setting | Owning ruleset | Setting purpose | Value |
|---|---|---|---|
| one way hash algorithm | Pega-Engine | prconfig/crypto/onewayhashalgorithm | bcrypt |
| update hash | Pega-Engine | prconfig/crypto/updatehash | true |
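
The following audit script for the prconfig.xml step above is an added example, not Pega's own tooling. It assumes that prconfig.xml stores settings as `<env name="..." value="..."/>` elements and that names can be compared case-insensitively. The function names and the sample file are constructed for illustration. It reports every `crypto/` entry, because the step calls for removing all cryptographic-related settings, and marks whether each one is among the five listed.

```python
import xml.etree.ElementTree as ET

# Setting names exactly as listed on this page.
LISTED = {
    "crypto/v5oneway",
    "crypto/v5onewahsha1",
    "crypto/v5portable",
    "crypto/onewayhashalgorithm",
    "crypto/updatehash",
}

# Constructed sample prconfig.xml (values are placeholders, not real settings).
SAMPLE_PRCONFIG = """<pegarules>
  <env name="example/unrelated/setting" value="placeholder"/>
  <env name="crypto/onewayhashalgorithm" value="example-legacy-algorithm"/>
  <env name="Crypto/UpdateHash" value="false"/>
  <env name="example/other/setting" value="placeholder"/>
</pegarules>
"""


def find_crypto_overrides(xml_text):
    """Return (name, value, listed_on_page) for every crypto/* env entry."""
    root = ET.fromstring(xml_text)
    findings = []
    for env in root.iter("env"):
        name = env.get("name", "")
        # Assumption: normalise case and whitespace before comparing names.
        key = name.strip().lower()
        if key.startswith("crypto/"):
            findings.append((name, env.get("value", ""), key in LISTED))
    return findings


def is_clean(xml_text):
    """True when no crypto/* entry remains, so the bcrypt default applies."""
    return not find_crypto_overrides(xml_text)


if __name__ == "__main__":
    for name, value, listed in find_crypto_overrides(SAMPLE_PRCONFIG):
        tag = "listed on page" if listed else "other crypto/ setting"
        print(f"REMOVE {name}={value!r} ({tag})")
    print("clean" if is_clean(SAMPLE_PRCONFIG) else "crypto overrides present")
```

Run it against each node's prconfig.xml before setting the Dynamic System Settings. Entries that survive in the file would otherwise go unnoticed.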