Cryptography & Security
Password hashing with bcrypt, session secrets, and safe patterns
bcrypt Password Hashing
Use ASPPY.crypto.Hash(password, rounds) to hash passwords.
| Password | ***** |
|---|---|
| bcrypt hash | $2b$10$lAStNYNaYf6De.QUr8MBmOx.tOFx2tRTewrCNgIOfeWaMcsXBSL/q |
| Length | 60 chars |
Verify Password
Use ASPPY.crypto.Verify(password, hash) to check a password against a stored hash.
Stored hash: $2b$10$J1elxrWnfSxDR2s1BHqv9uQPQP5GhU5BE...
Try "testpassword" (correct) or any other value.
Secure Session Secret
Derive a per-session secret using a bcrypt hash as key material.
Your session secret: $2b$10$3S.XCIA9HB/L6Z9IIgR4euJUcv6knBCvd...
Generated once per session using bcrypt with a random seed.
Safe Password Storage Pattern
bcrypt already includes a random salt — just hash and store the result.
| Password | *********** |
|---|---|
| Hash #1 | $2b$10$tR2KB0VkmPz1.ghgOwQ43.KoN7LQ3DaLw3IrhxewqW3rbRtXyYfAG |
| Hash #2 | $2b$10$vn35eioPeLKWYp7QzO1rUOS6sMcDsPGCjYELnHMDSLdHj/IucKWbC |
| Same password? |
Note: each hash is different because bcrypt generates a new random salt every time.
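The difference between Hash #1 and Hash #2 is visible in the strings themselves. The following is an added example in Python, not ASPPY's own code: it splits the stored strings from this page into their standard bcrypt fields and compares the salts. The function names and the minimum cost of 12 used in the demo are assumptions made for illustration.

```python
import re

# bcrypt string layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Full hashes copied from the "Safe Password Storage Pattern" table on this page.
HASH_1 = "$2b$10$tR2KB0VkmPz1.ghgOwQ43.KoN7LQ3DaLw3IrhxewqW3rbRtXyYfAG"
HASH_2 = "$2b$10$vn35eioPeLKWYp7QzO1rUOS6sMcDsPGCjYELnHMDSLdHj/IucKWbC"
# The verify demo displays its stored hash truncated; kept exactly as displayed.
TRUNCATED = "$2b$10$J1elxrWnfSxDR2s1BHqv9uQPQP5GhU5BE..."


def parse_bcrypt(stored):
    """Split a stored bcrypt string into fields; raise ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a complete 60-character bcrypt string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # bcrypt's valid cost range
        raise ValueError("cost factor out of range")
    return {"version": version, "cost": int(cost), "salt": salt, "digest": digest}


def same_salt(a, b):
    """True only if both hashes were produced with the same salt."""
    return parse_bcrypt(a)["salt"] == parse_bcrypt(b)["salt"]


def needs_rehash(stored, min_cost):
    """True if the stored hash uses a lower cost than current policy requires."""
    return parse_bcrypt(stored)["cost"] < min_cost


def is_well_formed(stored):
    """Reject truncated or corrupted values before they reach verification."""
    try:
        parse_bcrypt(stored)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for h in (HASH_1, HASH_2):
        f = parse_bcrypt(h)
        print(f["version"], f["cost"], f["salt"])
    print("same salt:", same_salt(HASH_1, HASH_2))
    print("rehash at min cost 12:", needs_rehash(HASH_1, 12))  # 12 is an assumed policy
    print("truncated value well-formed:", is_well_formed(TRUNCATED))
```

Because the version, cost and salt travel inside the stored string, a single column holding the 60-character value is all the storage the pattern needs, and the cost field lets you flag old hashes for re-hashing at the next successful login.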