Is Bcrypt used for Hashing or Encryption? A bit of confusion

security encryption hash blowfish bcrypt
ThinkingMonkey picture ThinkingMonkey · Jan 27, 2012 · Viewed 16.6k times · Source

I have been reading about bcrypt (application perspective). Thinking of using it to store passwords on my site.

Out of some stuff that I read it suggests either ways:

  • e.g. 1: Bcrypt is a cross platform file encryption utility from bcrypt
  • e.g. 2: bcrypt is an adaptive password hashing algorithm which uses the Blowfish keying schedule, not a symmetric encryption algorithm. from How To Safely Store A Password
  • bcrypt is an adaptive cryptographic hash function for passwords designed by Niels Provos and David Mazières, based on the Blowfish cipher: from bcrypt wiki

What exactly is Bcrypt?

Answer

PaulG picture PaulG · Jan 27, 2012

It is both :)

Most of the time when people mention BCrypt, they are talking about the adaptive hash algorithm, but it is also the name of an unrelated file encryption utility.

Both are based on the Blowfish cipher.

Related questions

Fundamental difference between Hashing and Encryption algorithms

I see a lot of confusion between hashes and encryption algorithms and I would like to hear some more expert advice about: When to use hashes vs encryptions What makes a hash or encryption algorithm different (from a theoretical/mathematical …

Read More
SHA512 vs. Blowfish and Bcrypt

I'm looking at hashing algorithms, but couldn't find an answer. Bcrypt uses Blowfish Blowfish is better than MD5 Q: but is Blowfish better than SHA512? Thanks.. Update: I want to clarify that I understand the difference between hashing and encryption. …

Read More
Difference between Hashing a Password and Encrypting it

The current top-voted to this question states: Another one that's not so much a security issue, although it is security-related, is complete and abject failure to grok the difference between hashing a password and encrypting it. Most commonly found in …

Read More