Bcrypt Generate
Hash passwords with bcrypt or verify existing hashes using Python's bcrypt library.
Input
For hashing:
- - Password string to hash
- Cost/rounds (default: 10, range: 4–31)
For verification:
- - Password string
- Existing bcrypt hash string (starts with
$2b$ or $2a$)
Output
- - Bcrypt hash string (for hashing mode)
- True/False result (for verification mode)
Instructions
- 1. Determine mode: hash a new password, or verify against an existing hash.
- 2. Hashing a password:
python3 -c "import bcrypt; print(bcrypt.hashpw(b'PASSWORD', bcrypt.gensalt(rounds=ROUNDS)).decode())"
Replace
PASSWORD with the actual password and
ROUNDS with the cost factor (default 10).
- 3. Verifying a password against a hash:
python3 -c "import bcrypt; print(bcrypt.checkpw(b'PASSWORD', b'HASH'))"
Replace
PASSWORD and
HASH with the actual values.
- 4. Check if
bcrypt Python package is available before running:
python3 -c "import bcrypt" 2>&1
If it fails with
ModuleNotFoundError, tell the user:
> "This skill requires the Python
bcrypt package. Install with:
pip3 install bcrypt."
- 5. If
python3 is not found at all, tell the user:
> "This skill requires
python3. Install with:
brew install python3 (macOS) or
sudo apt install python3 (Linux)."
- 6. Present the hash output on its own line. For verification, report clearly: "Password MATCHES the hash" or "Password does NOT match the hash."
Examples
Hash password "mysecret" with cost 10:
Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'mysecret', bcrypt.gensalt(rounds=10)).decode())"
Output: �INLINECODE16
Hash password "admin" with cost 12:
Command: python3 -c "import bcrypt; print(bcrypt.hashpw(b'admin', bcrypt.gensalt(rounds=12)).decode())"
Output: $2b$12$... (60-char bcrypt hash)
Verify "mysecret" against $2b$10$abc...:
Command: python3 -c "import bcrypt; print(bcrypt.checkpw(b'mysecret', b'\$2b\$10\$abc...'))"
Output: �INLINECODE21
Error Handling
- -
python3 not found → tell user to install Python 3 - INLINECODE23� module not found → tell user to run �INLINECODE24
- Password contains single quotes → escape them or note that the command must be adjusted; prefer using a temp Python script file for complex passwords
- Hash string malformed (does not start with
$2b$ or $2a$) → warn the user the hash appears invalid before running - High cost factor (>= 14) → warn the user this will be slow (intentional for security)
Bcrypt 生成
使用 Python 的 bcrypt 库对密码进行 bcrypt 哈希处理或验证现有哈希。
输入
用于哈希:
- - 待哈希的密码字符串
- 成本/轮数(默认值:10,范围:4–31)
用于验证:
- - 密码字符串
- 现有的 bcrypt 哈希字符串(以 $2b$ 或 $2a$ 开头)
输出
- - Bcrypt 哈希字符串(哈希模式)
- True/False 结果(验证模式)
操作说明
- 1. 确定模式:对新密码进行哈希,或对照现有哈希进行验证。
- 2. 对密码进行哈希:
python3 -c import bcrypt; print(bcrypt.hashpw(b密码, bcrypt.gensalt(rounds=轮数)).decode())
将 密码 替换为实际密码,将 轮数 替换为成本因子(默认值为 10)。
- 3. 对照哈希验证密码:
python3 -c import bcrypt; print(bcrypt.checkpw(b密码, b哈希))
将 密码 和 哈希 替换为实际值。
- 4. 运行前检查 bcrypt Python 包是否可用:
python3 -c import bcrypt 2>&1
如果出现 ModuleNotFoundError 错误,请告知用户:
> 此技能需要 Python bcrypt 包。使用以下命令安装:pip3 install bcrypt。
- 5. 如果完全找不到 python3,请告知用户:
> 此技能需要 python3。使用以下命令安装:brew install python3(macOS)或 sudo apt install python3(Linux)。
- 6. 将哈希输出单独显示在一行。对于验证,请明确报告:密码与哈希匹配或密码与哈希不匹配。
示例
对密码 mysecret 使用成本 10 进行哈希:
命令: python3 -c import bcrypt; print(bcrypt.hashpw(bmysecret, bcrypt.gensalt(rounds=10)).decode())
输出: $2b$10$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW
对密码 admin 使用成本 12 进行哈希:
命令: python3 -c import bcrypt; print(bcrypt.hashpw(badmin, bcrypt.gensalt(rounds=12)).decode())
输出: $2b$12$...(60 字符的 bcrypt 哈希)
对照 $2b$10$abc... 验证 mysecret:
命令: python3 -c import bcrypt; print(bcrypt.checkpw(bmysecret, b\$2b\$10\$abc...))
输出: True
错误处理
- - 未找到 python3 → 告知用户安装 Python 3
- 未找到 bcrypt 模块 → 告知用户运行 pip3 install bcrypt
- 密码包含单引号 → 进行转义或说明需要调整命令;对于复杂密码,建议使用临时 Python 脚本文件
- 哈希字符串格式错误(不以 $2b$ 或 $2a$ 开头)→ 在运行前警告用户该哈希似乎无效
- 高成本因子(>= 14)→ 警告用户这将很慢(出于安全考虑有意为之)
