
Password Hashing with Bcrypt in Flask


In this article, we will implement password hashing with Bcrypt in Flask using Python. Password hashing is the process of converting a plaintext password into a one-way hash that cannot be easily reverse-engineered to reveal the original password. Bcrypt is a popular password-hashing function based on the Blowfish cipher. It is designed to be slow and computationally expensive, which makes it more difficult for attackers to guess or crack passwords.

Key Terminologies:

  • Password Hashing: The process of converting a plaintext password into a one-way hashed format.
  • Bcrypt: A password-hashing function based on the Blowfish cipher.
  • Salt: Random data that is used as additional input to a one-way function that hashes a password or passphrase.
  • Hashing Algorithm: A mathematical function that converts a plaintext password into a fixed-length hash value.
  • Iterations: The number of times a password is hashed using the bcrypt algorithm.

Stepwise Implementation with Bcrypt in Flask

Step 1: Install Flask-Bcrypt

To use Bcrypt in Flask, we need to install the Flask-Bcrypt extension. We can install it using pip.

pip install flask-bcrypt

Step 2: Import Flask-Bcrypt

We need to import the Bcrypt class from the flask_bcrypt package in our Flask app.

Python3




from flask_bcrypt import Bcrypt


Step 3: Create a Bcrypt Object

We need to create a Bcrypt object and pass our Flask app as an argument.

Python3




bcrypt = Bcrypt(app)


Step 4: Hash a Password

We can hash a password using the generate_password_hash() function of the Bcrypt object. The function returns a bytes object, so we decode it with decode('utf-8') to get a string.

Python3




hashed_password = bcrypt.generate_password_hash('password').decode('utf-8')


Step 5: Verify a Password

We can verify a password using the check_password_hash() function of the Bcrypt object. It returns True if the password matches the hashed password; otherwise, it returns False.

Python3




is_valid = bcrypt.check_password_hash(hashed_password, 'password')


Complete Code

Here is an example of how to implement Bcrypt in a Flask app.

Python3




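from flask import Flask
from flask_bcrypt import Bcrypt

app = Flask(__name__)
bcrypt = Bcrypt(app)

@app.route('/')
def index():
    # Demo only: the password is hard-coded and echoed back to show the round trip.
    password = 'password'
    # generate_password_hash() returns bytes; decode to str for storage or display.
    hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
    # check_password_hash() re-hashes the candidate with the salt stored in the hash.
    is_valid = bcrypt.check_password_hash(hashed_password, password)
    return (f"Password: {password}<br>Hashed Password: "
            f"{hashed_password}<br>Is Valid: {is_valid}")

if __name__ == '__main__':
    app.run()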


Output:

When we run the Flask app, we will see the following output.

[Screenshot: Password Hashing with Bcrypt in Flask, output]
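The string that generate_password_hash() returns packs the bcrypt version, the cost factor (the "iterations" setting, stored as a base-2 logarithm) and the salt together with the digest, which is why check_password_hash() needs only that string and the candidate password. The following is an added example, not code from the original article: it parses that layout with the standard library and audits stored values. The MIN_COST floor, the helper names and the sample rows are assumptions, and the rows are constructed filler rather than real hashes.

```python
import re
from typing import NamedTuple

# Stored bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 12  # assumed policy floor for this example, not a value from the article

class BcryptHash(NamedTuple):
    version: str
    cost: int    # base-2 logarithm of the iteration count
    salt: str    # per-password random salt, stored next to the digest
    digest: str

def parse_bcrypt(stored):
    """Split a stored bcrypt string into its fields; ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:   # range the bcrypt algorithm accepts
        raise ValueError("cost factor out of range")
    return BcryptHash(version, int(cost), salt, digest)

def audit(rows, min_cost=MIN_COST):
    """Map username -> finding for stored values that need attention."""
    findings, seen_salts = {}, {}
    for user, stored in rows:
        try:
            h = parse_bcrypt(stored)
        except ValueError:
            findings[user] = "not-bcrypt"      # plaintext or another scheme
            continue
        if h.cost < min_cost:
            findings[user] = "low-cost"        # re-hash at next successful login
        elif h.salt in seen_salts:
            findings[user] = "reused-salt"     # salts should be unique per hash
        seen_salts.setdefault(h.salt, user)
    return findings

# Constructed sample rows; salt and digest characters are filler, not real hashes.
SALT_A, SALT_B = "./ABCDEFGHIJKLMNOPQRST", "abcdefghijklmnopqrstuv"
DIGEST = "0123456789" * 3 + "x"
ROWS = [
    ("alice", f"$2b$12${SALT_A}{DIGEST}"),
    ("bob", f"$2b$10${SALT_B}{DIGEST}"),
    ("carol", f"$2b$12${SALT_A}{DIGEST}"),
    ("dave", "password"),
]

if __name__ == "__main__":
    for user, finding in audit(ROWS).items():
        print(user, finding)
```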

Last Updated : 21 Mar, 2023