In [1]:
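# Pin the release recorded in this cell's install log so a re-run resolves the
# same package instead of whatever is newest at the time. %pip (rather than
# !pip) installs into the environment of the running kernel.
%pip install bcrypt==4.3.0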

Collecting bcrypt
  Downloading bcrypt-4.3.0-cp39-abi3-win_amd64.whl.metadata (10 kB)
Downloading bcrypt-4.3.0-cp39-abi3-win_amd64.whl (152 kB)
Installing collected packages: bcrypt
Successfully installed bcrypt-4.3.0


In [6]:
import bcrypt

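def hash_password(password: str, strength: int = 17) -> bytes:
    """
    Hash a password with bcrypt at the given cost factor.

    Args:
        password: The plain-text password to hash. Its UTF-8 encoding must be
            at most 72 bytes long, because bcrypt ignores every byte after
            the 72nd.
        strength: The bcrypt cost factor, passed to ``bcrypt.gensalt`` as
            ``rounds``. The work doubles with each increment, so the default
            of 17 is deliberately slow. bcrypt accepts values from 4 to 31.

    Returns:
        The bcrypt hash as bytes. The salt and the cost factor are embedded
        in it, so nothing else has to be stored for verification.

    Raises:
        ValueError: If the encoded password is longer than 72 bytes, or if
            bcrypt rejects ``strength``.
    """
    # bcrypt operates on bytes; the limit below is counted in bytes, so
    # multi-byte UTF-8 characters use it up faster than ASCII ones.
    password_bytes = password.encode('utf-8')

    # Reject over-long input instead of letting it be truncated. With silent
    # truncation, two different passwords that share their first 72 bytes
    # would produce hashes that verify against each other. Older bcrypt
    # releases truncate silently; newer ones raise ValueError themselves.
    max_password_bytes = 72
    if len(password_bytes) > max_password_bytes:
        raise ValueError(
            f"password is {len(password_bytes)} bytes when UTF-8 encoded; "
            f"bcrypt only uses the first {max_password_bytes}"
        )

    # gensalt() draws a fresh random salt on every call, so hashing the same
    # password twice yields two different hashes.
    salt = bcrypt.gensalt(rounds=strength)
    return bcrypt.hashpw(password_bytes, salt)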

def check_password(password: str, hashed_password: bytes) -> bool:
    """
    Verify a plain-text password against a stored bcrypt hash.

    Args:
        password: The candidate plain-text password.
        hashed_password: The stored bcrypt hash, as bytes.

    Returns:
        True when the candidate hashes to ``hashed_password``, else False.

    Notes:
        The candidate is passed to bcrypt unchanged. Passwords whose UTF-8
        encoding is longer than 72 bytes are either truncated or rejected,
        depending on the installed bcrypt release (TODO confirm which applies
        to the pinned version). A malformed ``hashed_password`` is expected to
        surface as an exception from bcrypt rather than as False, so callers
        should treat an exception as a failed login.
    """
    # checkpw takes the salt and cost factor from the stored hash, re-hashes
    # the candidate with them and compares the two results.
    return bcrypt.checkpw(password.encode('utf-8'), hashed_password)

if __name__ == "__main__":
    # Demo: hash a sample password, verify a right and a wrong attempt, then
    # show that re-hashing the same input gives a different hash each time.
    # Inside a notebook kernel __name__ is "__main__", so this runs with the cell.
    #
    # NOTE(review): the sample password is a hard-coded literal that is echoed
    # in plain text, and the saved cell output keeps it together with its
    # hashes. If it resembles a credential in real use, swap it for an
    # obviously fake value (or read it with getpass) and clear the stored
    # output before sharing the notebook.
    # Cost 17 also makes this cell slow: it runs four hashes and four
    # verifications, each at 2**17 bcrypt iterations.
    my_password = "Aditya@7157"
    strength_factor = 17 # As requested, equivalent to Spring Boot's strength

    print(f"Original Password: {my_password}")
    print(f"BCrypt Strength (cost factor): {strength_factor}")

    # Step 1: produce the hash; it is decoded only so it prints as text.
    hashed = hash_password(my_password, strength=strength_factor)
    print(f"\nHashed Password: {hashed.decode('utf-8')}")

    # Step 2: the matching password must verify.
    correct_password_attempt = "Aditya@7157"
    attempt_matches = check_password(correct_password_attempt, hashed)
    print(
        f"'{correct_password_attempt}' matches the hash. (Correct)"
        if attempt_matches
        else f"'{correct_password_attempt}' does NOT match the hash. (Incorrect)"
    )

    # Step 3: a different password must be rejected.
    incorrect_password_attempt = "wrongPassword"
    attempt_matches = check_password(incorrect_password_attempt, hashed)
    print(
        f"'{incorrect_password_attempt}' matches the hash. (Incorrect)"
        if attempt_matches
        else f"'{incorrect_password_attempt}' does NOT match the hash. (Correct)"
    )

    # A second, unrelated password hashed at the same cost.
    another_password = "anotherSecurePass"
    hashed_another = hash_password(another_password, strength=strength_factor)
    print(f"\nAnother Hashed Password: {hashed_another.decode('utf-8')}")

    # gensalt() picks a new random salt per call, so the two hashes below
    # differ even though the input is the same. Both still verify, because
    # each hash carries its own salt.
    print("\nDemonstrating different hashes for the same password due to random salt:")
    hashed_1 = hash_password(my_password, strength=strength_factor)
    hashed_2 = hash_password(my_password, strength=strength_factor)
    print(f"First hash of '{my_password}': {hashed_1.decode('utf-8')}")
    print(f"Second hash of '{my_password}': {hashed_2.decode('utf-8')}")
    print(f"Do the hashes look identical? {'Yes' if hashed_1 == hashed_2 else 'No'} (They should be different!)")
    print(f"Does the first hash verify correctly? {check_password(my_password, hashed_1)}")
    print(f"Does the second hash verify correctly? {check_password(my_password, hashed_2)}")

Original Password: Aditya@7157
BCrypt Strength (cost factor): 17

Hashed Password: $2b$17$qhJASj0k0QL9ZXSloZ/r1u6xsnTrLE9bBZta8tpvZKM3FLqVsNslC
'Aditya@7157' matches the hash. (Correct)
'wrongPassword' does NOT match the hash. (Correct)

Another Hashed Password: $2b$17$exZR3MiDRgpx6tQm0zCFW.RD8x4qabKbVKgr09iPz277RnA4DmLWC

Demonstrating different hashes for the same password due to random salt:
First hash of 'Aditya@7157': $2b$17$.BL0tHVP/.HrXVYTYvDFvuj9bbZITshNRC.phpOs.7mi0RvYGxZbG
Second hash of 'Aditya@7157': $2b$17$asU6QVWqG5d6I0gqLp9kIetYvqGOQEPl0IHu7NhCpEc1eOfz5i9kW
Do the hashes look identical? No (They should be different!)
Does the first hash verify correctly? True
Does the second hash verify correctly? True
