0

It seems that understanding what bcrypt is all about is not clear for some people, as well as for me, since I still keep reading SOF users' questions. I got an example here about how to use bcrypt hashing: How do you use bcrypt for hashing passwords in PHP

As I understand it, bcrypt is a one-way string, and if so that means I can use it for hashing only. There are some articles that mention that bcrypt is also used for encrypting, which is nonsense to me, and that's because if I can encrypt a string that means I can decrypt it.

Now the question is: if bcrypt can be used for encryption, then how? Can anyone give an example, please?

Thanks,

Digital site

2 Answers

2

The bcrypt hash function/KDF is for hashing only.

Blowfish, on which bcrypt is based, is a block cipher, i.e. it is used for encryption.

There is also an unrelated program called bcrypt, which uses Blowfish-based encryption.

Unfortunately many people use bcrypt and blowfish interchangeably, which leads to confusion.

CodesInChaos
  • Thanks a lot for the clarification. So what was in the link above in my original post is hashing using bcrypt. And blowfish is a bcrypt-based function. OK, great to know. In this case, if I want to encrypt information, I have to use blowfish to do this. – Digital site Feb 19 '12 at 13:27
  • @Fxdigi It's the other way round. The `bcrypt` hash is based on `blowfish`. For encryption you could use blowfish, but I'd prefer AES. – CodesInChaos Feb 19 '12 at 13:28
1

bcrypt() in PHP is a one-way hashing function, so it would not be suitable for two-way encryption/decryption.

However, there are packages available called bcrypt, which are not PHP functions but implementations of the Blowfish cipher, which allows two-way operation (encryption and decryption).

So bcrypt can do decryption; however, bcrypt() cannot.

John Mitchell
  • Thanks John, great to know. I guess [phpass] has something related to bcrypt and some examples (http://www.openwall.com/phpass/), but I was confused since many people use the same term for different uses. Thanks again for the info. – Digital site Feb 19 '12 at 13:33
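
The distinction both answers draw, as an added example that is not part of the original posts: bcrypt hashing through PHP's `password_hash()` has no inverse and is checked by re-hashing, while encryption with AES (the cipher preferred in the comment above) is reversed with a key. It assumes PHP 7.1+ with the OpenSSL extension; the function names and sample strings are constructed for illustration.

```php
<?php
// Hashing (one-way): bcrypt through PHP's password API.
function hash_password(string $password): string
{
    // PASSWORD_BCRYPT picks a random salt and stores salt + cost in the output.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Encryption (two-way): AES-256-GCM through the OpenSSL extension.
function encrypt_message(string $plaintext, string $key): string
{
    $nonce = random_bytes(12); // must never repeat under the same key
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct); // 12-byte nonce, 16-byte tag, ciphertext
}

function decrypt_message(string $blob, string $key): string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $pt;
}

// Constructed sample values.
$hash = hash_password('correct horse battery staple');
var_dump(password_get_info($hash)['algoName']);                   // algorithm recorded in the hash
var_dump(password_verify('correct horse battery staple', $hash)); // verified by re-hashing
var_dump(password_verify('wrong guess', $hash));                  // there is no "decrypt" step

$key = random_bytes(32); // 256-bit key; whoever holds it can decrypt
$blob = encrypt_message('constructed secret note', $key);
var_dump(decrypt_message($blob, $key));                           // plaintext recovered with the key
```

Password storage uses the first half only; the second half is for data that must be read back later, and its security then depends on how the key is stored.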