How to decrypt hash stored by bcrypt

You’re HASHING, not ENCRYPTING!

What’s the difference?

The difference is that hashing is a one way function, where encryption is a two-way function.

So, how do you ascertain that the password is right?

Therefore, when a user submits a password, you don’t decrypt your stored hash, instead you perform the same bcrypt operation on the user input and compare the hashes. If they’re identical, you accept the authentication.

Should you hash or encrypt passwords?

What you’re doing now — hashing the passwords — is correct. If you were to simply encrypt passwords, a breach of security of your application could allow a malicious user to trivially learn all user passwords. If you hash (or better, salt and hash) passwords, the user needs to crack passwords (which is computationally expensive on bcrypt) to gain that knowledge.

As your users probably use their passwords in more than one place, this will help to protect them.

Leave a Comment

deneme bonusu veren sitelerbahis casinomakrobetceltabetpinbahispolobetpolobet girişpinbahis girişmakrobet girişpulibet girişmobilbahis girişkolaybet giriş