Bcrypt
ELI5 — The Vibe Check
Bcrypt is the gold-standard password hasher that's intentionally slow. Slow sounds bad, but it's a feature — it takes a hacker way longer to crack your passwords because each guess is expensive to compute. It also auto-salts for you, so you get two security wins in one.
Real Talk
Bcrypt is a password hashing function designed by Niels Provos and David Mazières. It incorporates a work factor (cost parameter) that controls how computationally expensive the hash is: the number of internal rounds is 2^cost, so raising the cost by one doubles the work per guess, which is what makes brute-force attacks impractical. It automatically generates a random salt and embeds it, together with the cost, in the 60-character output string, so verification needs nothing stored beside the hash itself.
Show Me The Code
import bcrypt from 'bcrypt';
// Hash password at registration (cost factor 12); the salt is generated and embedded automatically
async function hashPassword(plaintextPassword) {
  return bcrypt.hash(plaintextPassword, 12);
}
// Verify on login: compare() reads the salt and cost out of storedHash, recomputes, and compares
async function verifyLogin(plaintextPassword, storedHash, res) {
  const valid = await bcrypt.compare(plaintextPassword, storedHash);
  if (!valid) return res.status(401).json({ error: 'Invalid credentials' });
  return res.status(200).json({ ok: true });
}
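An added example, not part of the original page or the bcrypt library: it parses the bcrypt output string described above to pull out the embedded version, cost and salt, and flags hashes stored at a lower cost than current policy so they can be re-hashed on the next successful login. The helper names and the sample hash strings are constructed for illustration.

```javascript
// Bcrypt output is a single string that carries its own parameters:
//   $<version>$<cost>$<22-char salt><31-char hash>   (60 characters, alphabet ./A-Za-z0-9)
// Hypothetical helpers (not the bcrypt library's API) that read those parameters back out.
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null; // not a bcrypt string (e.g. a legacy MD5/SHA hash)
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost, // the work factor is exponential: each +1 doubles the rounds
    salt: m[3],
    digest: m[4],
  };
}

// Decide, after a successful login, whether the stored hash should be upgraded.
// 'rehash' when the cost is below policy, 'ok' when current, 'unknown-format' otherwise
// (a legacy non-bcrypt hash should also be replaced once the plaintext is available).
function rehashDecision(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) return 'unknown-format';
  return parsed.cost < minCost ? 'rehash' : 'ok';
}

// Constructed sample values; these are not real hashes of any password.
const SAMPLE_SALT = 'abcdefghijklmnopqrstuv'; // 22 chars
const SAMPLE_DIGEST = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234'; // 31 chars
const legacyCost10 = `$2b$10$${SAMPLE_SALT}${SAMPLE_DIGEST}`;
const currentCost12 = `$2b$12$${SAMPLE_SALT}${SAMPLE_DIGEST}`;
const notBcrypt = '00112233445566778899aabbccddeeff'; // constructed 32-hex string

console.log(rehashDecision(legacyCost10, 12)); // rehash
console.log(rehashDecision(currentCost12, 12)); // ok
console.log(rehashDecision(notBcrypt, 12)); // unknown-format
```

In practice the 'rehash' branch calls bcrypt.hash() on the just-verified plaintext with the new cost and overwrites the stored value.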
When You'll Hear This
"Use bcrypt for password hashing, not MD5." / "Increase the bcrypt rounds to 12 on modern hardware."
Related Terms
Hashing
Hashing is a one-way blender for data. You throw a password in, it spits out a weird string of letters and numbers, and there's no way to reverse it.
MD5
MD5 is the old grandpa hash algorithm — fast, but full of holes.
Password Manager
A password manager remembers all your passwords so you don't have to reuse the same one everywhere.
Salt
A salt is random gibberish you add to a password before hashing it so two people with the same password get completely different hashes.
SHA
SHA (Secure Hash Algorithm) is a family of blenders for data.