Bcrypt hashing algorithm for Password property types

Updated on March 15, 2022

To provide extra protection against brute-force attacks, Pega Platform uses salted bcrypt as the default hashing algorithm for Password property types. Bcrypt uses a modified key setup algorithm that requires a long time to process. Key strengthening makes a password more secure against brute-force attacks, meaning potential attackers must spend a substantial amount of time testing every possible key.

Bcrypt is an adaptive hashing algorithm based on the Blowfish symmetric block cipher cryptographic algorithm.

Changing the encryption algorithm

For on-premises deployments, ensure that you are using the salted bcrypt algorithm by removing all cryptographic‑related configuration settings from the prconfig.xml file:

crypto/v5oneway
crypto/v5onewahsha1
crypto/v5portable
crypto/onewayhashalgorithm
crypto/updatehash

Convert preexisting password hashes to use the new algorithm by editing or creating the following Dynamic System Settings in Dev Studio:

Dynamic System Setting	Owning ruleset	Setting purpose	Value
one way hash algorithm	Pega-Engine	prconfig/crypto/onewayhashalgorithm	bcrypt
update hash	Pega-Engine	prconfig/crypto/updatehash	true

Previous topic Creating a dynamic system setting
Next topic Defining cross-origin resource sharing policies

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Get Started with Community

Bcrypt hashing algorithm for Password property types

Changing the encryption algorithm

Have a question? Get answers now.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

Get Started with Community

Changing the encryption algorithm

Have a question? Get answers now.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.