What is bcrypt?

bcrypt is a password-hashing function designed by Niels Provos and David Mazières and presented at USENIX in 1999 to securely hash passwords. It is based on the Blowfish cipher and incorporates a salt to protect against rainbow table attacks and other common password-cracking techniques. Bcrypt is widely used in the industry and is considered one of the most secure methods for hashing passwords.

The bcrypt function accepts a password string (up to 72 bytes), a numeric cost, and a salt value of 16 bytes (128 bits). Usually, the salt is an arbitrary number. These inputs are used by the bcrypt function to calculate a 24-byte (192-bit) hash. The final output of the bcrypt function is a string of the form:

$2<a/b/x/y>$[cost]$[22 character salt][31 character hash]

Example:

$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW
\__/\/ \____________________/\_____________________________/
Alg Cost Salt Hash

Where:

$2a$: The hash algorithm identifier (bcrypt)

12: Input cost (212 i.e. 4096 rounds)

R9h/cIPz0gi.URNNX3kh2O: A base-64 encoding of the input salt

PST9/PgBkqquzi.Ss7KIUgO2t0jWMUW: A base-64 encoding of the first 23 bytes of the computed 24 byte hash

NPM bcrypt

bcrypt is a popular npm package used for password hashing. It utilizes the bcrypt hashing algorithm, which is designed to be slow and computationally intensive, making it resistant to brute-force attacks even with the increasing computational power of modern hardware.

Similar Reads

What is bcrypt?

bcrypt is a password-hashing function designed by Niels Provos and David Mazières and presented at USENIX in 1999 to securely hash passwords. It is based on the Blowfish cipher and incorporates a salt to protect against rainbow table attacks and other common password-cracking techniques. Bcrypt is widely used in the industry and is considered one of the most secure methods for hashing passwords....

Installation

You can install this package with npm using following command:...

Hashing a Password

To hash a password using bcrypt, you’ll typically use the ” bcrypt.hash() “ function....

Comparing a Password

To compare a plain-text password with a hashed password, you can use the bcrypt.compare() function....

Why do we use bcrypt for password hashing?

The reasons why bcrypt is the preferred choice for password hashing are following:...