Password Hashing with Bcrypt in Flask

Last Updated : 11 Jun, 2026

Password hashing converts plaintext passwords into secure hashed values that cannot be easily reversed. Bcrypt is a widely used password-hashing function based on the Blowfish cipher, designed to be computationally expensive and resistant to brute-force attacks, making password storage more secure in Flask applications.

Key Terminologies

Implementation

Step 1: Install Flask-Bcrypt

Install the Flask-Bcrypt extension using pip to enable password hashing functionality.

```bash
pip install flask flask-bcrypt
```

Step 2: Import Flask-Bcrypt

Import the Bcrypt class from the flask_bcrypt module to use bcrypt hashing methods in the application.

```python
from flask_bcrypt import Bcrypt
```

Step 3: Create a Bcrypt Object

Create a Bcrypt object by passing the Flask application instance to initialize bcrypt support for password hashing and verification.

```python
bcrypt = Bcrypt(app)
```

Step 4: Hash a Password

Use the generate_password_hash() method to securely hash a plaintext password. The generated hash is decoded using decode('utf-8') because the method returns the hash as a bytes object.

```python
hashed_password = bcrypt.generate_password_hash(
    'password'
).decode('utf-8')
```

Step 5: Verify a Password

Use the check_password_hash() method to compare a plaintext password with its hashed version. The method returns True if both match; otherwise, it returns False.

```python
is_valid = bcrypt.check_password_hash(
    hashed_password,
    'password'
)
```

Complete Code

Here is an example of how to implement Bcrypt in a Flask app.

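```python
from flask import Flask
from flask_bcrypt import Bcrypt

app = Flask(__name__)
bcrypt = Bcrypt(app)


@app.route('/')
def index():
    password = 'password'
    # generate_password_hash() returns bytes; decode it to get a storable string
    hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
    # True only when the plaintext matches the stored hash
    is_valid = bcrypt.check_password_hash(hashed_password, password)
    # Demonstration only: the values are echoed so the result shows in the browser
    return (
        f"Password: {password}<br>"
        f"Hashed Password: {hashed_password}<br>"
        f"Is Valid: {is_valid}"
    )


if __name__ == '__main__':
    app.run()
```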

**Output:**

After running the Flask application, the hashed password and verification result are displayed in the browser.
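The string stored in Step 4 records the bcrypt version and cost factor alongside the salt and digest. The following added example (not part of the original article) parses that format with the standard library to flag stored values that are malformed or use a cost below a chosen policy; `parse_bcrypt_hash`, `needs_rehash`, `audit`, the `target_cost` of 12 and the sample values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Layout of a bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
_BCRYPT = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

class BcryptHash(NamedTuple):
    version: str
    cost: int  # work factor: the key setup runs 2**cost iterations
    salt: str
    digest: str

def parse_bcrypt_hash(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into fields; ValueError if malformed."""
    m = _BCRYPT.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError(f"bcrypt cost {cost} is outside 4..31")
    return BcryptHash(m.group(1), cost, m.group(3), m.group(4))

def needs_rehash(stored: str, target_cost: int = 12) -> bool:
    """True when a valid hash was made with a lower cost than the policy."""
    return parse_bcrypt_hash(stored).cost < target_cost

def audit(stored_by_user: dict, target_cost: int = 12) -> dict:
    """Label each stored value 'ok', 'rehash' or 'invalid'."""
    report = {}
    for user, stored in stored_by_user.items():
        try:
            report[user] = "rehash" if needs_rehash(stored, target_cost) else "ok"
        except ValueError:
            report[user] = "invalid"
    return report

# Constructed sample values: correct shape only, not hashes of real passwords.
SAMPLE = {
    "alice": "$2b$12$" + "A" * 22 + "B" * 31,
    "bob": "$2a$08$" + "C" * 22 + "D" * 31,   # older, cheaper cost
    "carol": "password",                       # plaintext left in the column
    "dave": "$2b$12$" + "E" * 22 + "F" * 30,  # truncated by a short column
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

After a successful `check_password_hash()`, a `rehash` result marks the point to call `generate_password_hash()` on the submitted password and store the new value.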
