Bcrypt hashing algorithm for Password property types


To provide extra protection against brute-force attacks, Pega Platform uses salted bcrypt as the default hashing algorithm for Password property types. Bcrypt uses a modified key setup algorithm that is deliberately time-consuming to compute. This key strengthening makes a password more secure against brute-force attacks, because potential attackers must spend a substantial amount of time testing every possible key.

Bcrypt is an adaptive hashing algorithm based on the Blowfish symmetric block cipher.

Changing the encryption algorithm

For on-premises deployments, ensure that you are using the salted bcrypt algorithm by removing all cryptography-related configuration settings from the prconfig.xml file:

  • crypto/v5oneway
  • crypto/v5onewahsha1
  • crypto/v5portable
  • crypto/onewayhashalgorithm
  • crypto/updatehash
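One way to audit a prconfig.xml file for the settings listed above, as an added example that is not Pega's own tooling. It assumes settings are stored as `<env name="..." value="..."/>` elements; the function name, the sample file and its values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The five settings the page lists for removal from prconfig.xml.
LISTED = {
    "crypto/v5oneway",
    "crypto/v5onewahsha1",
    "crypto/v5portable",
    "crypto/onewayhashalgorithm",
    "crypto/updatehash",
}

def find_crypto_overrides(prconfig_xml):
    """Return (listed, other) lists of (name, value) pairs.

    listed: entries whose name is one of the five settings above.
    other:  any further crypto/* entry, surfaced for manual review.
    Assumption: settings are <env name="..." value="..."/> elements.
    """
    listed, other = [], []
    for env in ET.fromstring(prconfig_xml).iter("env"):
        name = (env.get("name") or "").strip()
        key = name.lower()  # compare case-insensitively so odd casing is still surfaced
        if key in LISTED:
            listed.append((name, env.get("value")))
        elif key.startswith("crypto/"):
            other.append((name, env.get("value")))
    return listed, other

# Constructed sample, not a real deployment file. All values are placeholders.
# The commented-out entry is inactive, so the parser skips it.
SAMPLE = """<pegarules>
  <env name="example/unrelated" value="1"/>
  <env name="crypto/onewayhashalgorithm" value="legacy-placeholder"/>
  <env name="Crypto/UpdateHash" value="false"/>
  <!-- <env name="crypto/v5portable" value="true"/> -->
  <env name="crypto/examplecustom" value="x"/>
</pegarules>"""

if __name__ == "__main__":
    listed, other = find_crypto_overrides(SAMPLE)
    for name, value in listed:
        print(f"REMOVE  {name} = {value}")
    for name, value in other:
        print(f"REVIEW  {name} = {value}")
```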

Convert preexisting password hashes to use the new algorithm by editing or creating the following Dynamic System Settings in Dev Studio:

| Dynamic System Setting | Owning ruleset | Setting purpose | Value |
| --- | --- | --- | --- |
| one way hash algorithm | Pega-Engine | prconfig/crypto/onewayhashalgorithm | bcrypt |
| update hash | Pega-Engine | prconfig/crypto/updatehash | true |