How to compare plain text password to hashed password using bcrypt?

python bcrypt
MFB picture MFB · Mar 4, 2012 · Viewed 36.5k times · Source

I would like to use bcrypt to hash passwords and later verify if a supplied password is correct.

Hashing passwords is easy:

import bcrypt

password = u'foobar'
password_hashed = bcrypt.hashpw(password, bcrypt.gensalt())

# then store password_hashed in a database

How can I compare a plain text password to the stored hash?

Answer

user1581840 picture user1581840 · Oct 21, 2012

With py-bcrypt, you don't need to store the salt separately: bcrypt stores the salt in the hash.

You can simply use the hash as a salt, and the salt is stored in the beginning of the hash.

>>> import bcrypt
>>> salt = bcrypt.gensalt()
>>> hashed = bcrypt.hashpw('secret', salt)
>>> hashed.find(salt)
0
>>> hashed == bcrypt.hashpw('secret', hashed)
True
>>>

Related questions

'bytes' object has no attribute 'encode'

I'm trying to store salt and hashed password before inserting each document into a collection. But on encoding the salt and password, it shows the following error: line 26, in before_insert document['salt'] = bcrypt.gensalt().encode('utf-8') AttributeError: 'bytes' …

Read More
Error installing bcrypt with pip on OS X: can't find ffi.h (libffi is installed)

I'm getting this error when trying to install bcrypt with pip. I have libffi installed in a couple places (the Xcode OS X SDK, and from homebrew), but I don't know how to tell pip to look for it. Any …

Read More
flask-bcrypt - ValueError: Invalid salt

I was finishing up a simple user login with Flask and flask-Bcrypt. However, when trying to login with a user that is stored in my database, I keep getting this error ValueError: Invalid salt models.py class User(db.Model): __…

Read More