# bcrypt (Password Hashing)

bcrypt is a password hashing algorithm based on the Blowfish cipher, created in 1999. It is designed specifically for secure password storage by making each hash computation intentionally slow to hinder brute-force attacks.

---

## Key Features

- **Built-in Salt:**  
  Automatically generates a 16-byte random salt to protect against rainbow table attacks.

- **Cost Factor (Work Factor):**  
  Configurable parameter (e.g., 12 means 2^12 iterations) that controls the hashing speed. A higher cost factor increases security at the expense of performance.

- **Hash Format:**  
  Produces a 60-character string containing the version, cost factor, salt, and hashed password. For example:
  ```
  $2b$12$saltsaltsaltsaltsalt$hashedPasswordValue...
  ```

- **Slow by Design:**  
  The deliberate slowness makes brute-force password cracking computationally expensive.

---

## How bcrypt Works

1. **Password Input:**  
   A user chooses a plain-text password.

2. **Salt Generation:**  
   bcrypt generates a unique, random 16-byte salt.

3. **Hashing Process:**  
   The password and salt are combined and processed through an expensive key schedule based on the Blowfish cipher for a number of iterations determined by the cost factor.

4. **Output:**  
   The result is a secure hash string that encapsulates all necessary parameters (version, cost factor, salt, and hash).

5. **Verification:**  
   To verify a password, bcrypt rehashes the provided password using the same salt and cost factor, then compares the result with the stored hash.

---

## Communication Flow (Login Scenario)

1. **Registration:**
   - Alice chooses a password, e.g., `"mypassword"`.
   - bcrypt hashes the password and stores the resulting hash in the database.

2. **Login:**
   - Alice enters her password.
   - The system hashes the entered password using the stored salt and cost factor.
   - The new hash is compared to the stored hash:
     - **Match:** Access is granted.
     - **Mismatch:** Access is denied.

3. **Attack Resistance:**
   - If an attacker (Eve) steals the database, she sees only bcrypt hashes—not the plain-text passwords. Due to the salt and the high cost factor, cracking these hashes is very slow and costly.

---

## Parameters Summary

- **Password:**  
  The plain-text input provided by the user.

- **Salt:**  
  A randomly generated 16-byte value automatically incorporated into the hashing process.

- **Cost Factor:**  
  The number of rounds (e.g., cost factor 12 corresponds to 2^12 iterations) used to intensify the computation.

- **Hash Output:**  
  A 60-character string that includes all required information to verify a password.

---
# Cost Factor

> cost = number of hashing rounds = 2^cost
> 

| Cost | Time (approx) | Notes |
| --- | --- | --- |
| 10 | 100–300ms | Common default |
| 12 | 500–800ms | More secure |
| 14+ | 1–2 sec | Stronger, but slower login UX |

> Choose a cost that takes ~500ms to 1 second on your current hardware.
>

## Security Notes

- **Built-in Salt:**  
  Defends against rainbow table and precomputed attacks.

- **Configurable Cost:**  
  Allows adjustment of computational effort to remain secure as hardware improves.

- **Not Memory-Hard:**  
  bcrypt does not require a large amount of memory, making it somewhat less resistant to GPU/ASIC-based attacks compared to memory-hard functions like Argon2id.

- **Usage Recommendation:**  
  Whenever possible, use Argon2id for enhanced resistance against specialized hardware attacks; bcrypt remains a secure and widely adopted alternative.

---

## Where bcrypt Is Used

- **Web Applications:**  
  Widely used for securely storing user passwords in online services.

- **Linux/Unix Systems:**  
  Often utilized in `/etc/shadow` for password storage.

- **Other Secure Applications:**  
  Applicable in any scenario requiring robust password hashing.

---

In [1]:
# pip install bcrypt
import bcrypt

# --- User registers password ---
password = b"supersecret123"

# Generate salt and hash
salt = bcrypt.gensalt(rounds=12)   # cost factor = 12
hashed = bcrypt.hashpw(password, salt)

print("Stored bcrypt hash:", hashed)

# --- User logs in ---
login_attempt = b"supersecret123"
if bcrypt.checkpw(login_attempt, hashed):
    print("Password correct")
else:
    print("Password incorrect")


Stored bcrypt hash: b'$2b$12$C2oKCC7joQoXwX/6Klidi.UN0YN/Yld9au9WJR/fut00RPWiwc.by'
Password correct
