bcrypt

sammysammy
2 min read

Bcyrpt is a module that stores passwords securely by converting them to hashed passwords that are difficult to reverse. Bcyrpt module is based on bcrypt hash algorithm.

Bcrypt module has several methods that help it hash functions and checks passwords.

how it works

salting - this is the initial step where system generates a random string that will be added to the password to ensure even if two people have same password they will be different when hashed and stored in database for each password.

hashing - this step where the combined salt and password are hashed multiple times in a process called key stretching which is slow and computationally expensive. This is by design to make it difficult for attackers to brute-force.

storage - the final output is the hashed password made out of salt and password. It is stored in database. So when user tries to login the system retieves the salt and rehashes the user entered passwords and compares it with password stored in database to check if they match. If they match the user is allowed access if hashed passwords do not match the user is denied entry to log in,

import bcrypt

password = b'super_secret_password'

salt = bcrypt.gensalt()

hashed_password = bcrypt.hashpw(password, salt)


print("Salt: ", salt)
print("hashed password: ", hashed_password)

entred_password = b"super_secret_password"
if bcrypt.checkpw(entred_password, hashed_password):
    print("password match")

else:
    print("password don't match")
0
Subscribe to my newsletter

Read articles from sammy directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Bcrypt brute forcePython

Written by

sammy
sammy

I am an aspiring software engineer.By writing this article.I am commit myself accountable to provide valuable content to you reader oftenly every weekend about amazing programming concepts and technologies.To help you in your learning journey also.