Implement 'bcrypt' Password Verfication in Python

Understanding bcrypt: Secure Password Hashing in Python

Protecting user passwords is one of the most important parts of any authentication system. Instead of storing passwords as plain text, developers use hashing algorithms to convert passwords into unreadable strings. One of the most secure and widely used hashing algorithms today is bcrypt. In this article, I will explain what bcrypt is, how password hashing works, and how to implement bcrypt in Python with practical examples of registration and login.

Table of contents

1. What bcrypt is
2. How Password Hashing Works
3. How to Implement bcrypt in Python
    3.1. Install bcrypt
    3.2. Hashing a password
    3.3. Verifying the password
4. Practical Examples of Registration & Login
    4.1. Registration Example
    4.2. Login Example
5. Conclusion

What bcrypt is

bcrypt is a password-hashing function based on the Blowfish cipher. It is designed to be:

• Slow – prevents brute-force attacks
• Salted – prevents rainbow table attacks
• Secure – against modern cracking techniques

bcrypt is widely used in:

• Web applications
• Authentication APIs
• Modern frameworks
• Secure login systems

---

How Password Hashing Works

Password hashing is a process that converts a readable password into a fixed-length, irreversible string. This string is called a hash, and it cannot be converted back to the original password.

Here's how hashing works in an authentication system:

1. User enters a password during registration.
2. The system generates a unique salt (a random value).
3. The password and salt are combined and passed through a hashing algorithm.
4. The resulting hash is stored in the database instead of the real password.
5. During login, the user enters a password again.
6. The system hashes the input password using the same method and compares it with the stored hash.
7. If both hashes match → access is granted.

Because hashing is one-way, even if someone accesses the database, they cannot decode the original passwords. bcrypt strengthens this process by slowing down hashing operations and using strong salts, making attacks extremely difficult.

---

How to Implement bcrypt in Python

Implementing bcrypt in Python is straightforward, thanks to the bcrypt library. The process involves two main steps: hashing passwords and verifying passwords.

1. Install bcrypt

Before writing code, install the library:

pip install bcrypt

2. Hashing a password

This step is used during user registration.

import bcrypt

password = "MySecurePassword".encode("utf-8")
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(password, salt)

Here, bcrypt automatically:

• Generates a secure random salt
• Mixes the password with the salt
• Produces a strong, irreversible hash

You store hashed_password in your database.

3. Verifying the password

This step is used when a user logs in.

entered_password = "MySecurePassword".encode("utf-8")

if bcrypt.checkpw(entered_password, hashed_password):
    print("Password is correct")
else:
    print("Invalid password")

checkpw() handles the comparison securely and automatically extracts the salt from the stored hash.

---

Practical Examples of Registration & Login

Below is a simple implementation of registration and login using bcrypt.

Registration Example (Hashing & Saving Password)

import bcrypt

def register_user(password):
    password = password.encode("utf-8")
    hashed = bcrypt.hashpw(password, bcrypt.gensalt())
    return hashed  # Save this in your database


# Simulate a user registering
stored_hash = register_user("UserPassword123")
print("Stored Hash:", stored_hash)

During registration:

• The password is converted to bytes
• bcrypt generates a salt
• The password is hashed securely
• Only the hash is stored in the database

Login Example (Verifying the Password)

import bcrypt

def login_user(entered_password, stored_hash):
    entered_password = entered_password.encode("utf-8")
    return bcrypt.checkpw(entered_password, stored_hash)


# Simulate a login attempt
if login_user("UserPassword123", stored_hash):
    print("✅ Login successful!")
else:
    print("❌ Incorrect password.")

During login:

• The user enters a password
• bcrypt hashes it using the same salt stored inside the hash
• If both hashes match → access is granted

Note: If you want to explore a complete authentication system that uses different tech stacks (Python, Node.js, MERN, MEVN, JWT, etc.), you can refer to my GitHub repository here. This project demonstrates multiple real-world authentication implementations, making it a great resource to understand how password hashing and verification work across various technologies.

---

Conclusion

Implementing bcrypt for password verification in Python is one of the most effective ways to secure user authentication. bcrypt strengthens password protection through salts, slow hashing, and resistance to brute-force attacks. By hashing passwords during registration and verifying them safely during login, applications can significantly reduce security risks.

With just a few lines of code, developers can create a reliable and secure authentication flow, making bcrypt a practical choice for real-world systems and modern applications.