In the world of online security, protecting your passwords is like locking the door to your digital house. One powerful way to do this is by using something called bcrypt, which is like a super-smart lock for your passwords. Let's explore how this works, without getting too technical.
How Bcrypt Keeps Your Passwords Safe
Imagine you have a secret password, like your own personal key to your digital life. Bcrypt takes that password and does some clever math to turn it into a secret code. This code is unique to your password, like your very own secret language that only your computer understands.
Now, here's where bcrypt gets even smarter. It adds a little extra something called a "salt" to your password before turning it into a secret code. Think of the salt as a unique ingredient that makes your password even more secure. Every password gets its own special salt, so even if two people have the same password, their secret codes will look completely different.
How Bcrypt Helps Your Password Stay Safe
When you create a new account or set a password, bcrypt does its magic and creates this secret code. It keeps this secret code safe in the computer, and it doesn't even know what your original password is – it's like turning your password into a secret recipe that only your computer chef knows.
Later, when you come back and type in your password to log in, bcrypt checks if the secret code it made matches the one it stored. It doesn't need to know your actual password – it just knows if the secret code matches. This is like your computer bouncer checking if you have the right secret handshake to let you into your digital party.
Making It Simple in Python
Here's a quick look at how Python, a computer language, uses bcrypt:
First, using the terminal window, we must import the Bcrypt library to python using:
Pipenv install flask-bcrypt
Then in your config.py file instantiate an instance of Bcrypt on your app:
from flask_bcrypt import Bcrypt
# Wrapping your app using the Bcrypt method
bcrypt = Bcrypt(app)
Then inside of your app.py file, or the file that holds your User model, you could implement the methods from Bcrypt like:
#additional import from the SQLalchemy library for handling the password variable indirectly
from sqlalchemy.ext.hybrid import hybrid_property
# Creating a secret code for your password
class User(db.Model)
__tablename__ = "users"
id = db.Column(db.Integer, primary_key=True)
_password_hash = db.Column(db.String)
@hybrid_property
def password_hash(self):
# this prevents the password from being accessed directly from the database
raise Exception("Cannot access password hashes")
@password_hash.setter
def password_hash(self, password):
hashed_pw = bcrypt.generate_password_hash(password).decode("utf8")
#this sets the password property indirectly to prevent it being changed by direct methods from outside sources
self._password_hash = hashed_pw
hashed_password = bcrypt.hashpw("your_password".encode('utf-8'), bcrypt.gensalt())
# Checking if your entered password matches the secret code
is_password_correct = bcrypt.checkpw("your_entered_password".encode('utf-8'), hashed_password)
In simpler terms, bcrypt helps create a secret code for your password that’s unique and hard for bad guys to crack. It adds a sprinkle of extra security with a salt, making your password extra safe. It’s like having a guardian for your digital key, ensuring only you can unlock the door to your online world. Stay safe and secure those passwords!
Top comments (0)