BCrypt Online Password Hashing Tool

Tool Description

BCrypt is an adaptive function specifically designed for **password hashing**, based on the Blowfish symmetric encryption algorithm. Unlike fast hash functions such as MD5 or SHA, BCrypt's core security advantage lies in its built-in **"slowness"**, which dramatically increases the cost for attackers to crack passwords.

Security Best Practices

BCrypt is one of the current industry gold standards for **password storage**. **Never** use MD5 or unsalted SHA algorithms to store user passwords; always use dedicated slow hashing algorithms like BCrypt, Scrypt, or Argon2.

Core Features:

  • Generate Hash: Converts a user's plaintext password into a secure hash string using the BCrypt algorithm. The resulting string (e.g., $2a$10$N9qo8uLOickgx2ZMR9JGye...) contains the algorithm version, cost factor, random salt, and the hash itself, and can be directly stored in the user table of your database.
  • Verify Password: When a user attempts to log in, their entered plaintext password is compared against the stored hash in the database. BCrypt's comparison function automatically extracts the salt and cost factor from the hash string, performs an identical hash computation, and securely compares the result to verify if the password is correct.
  • Cost Factor: This is the key security parameter for BCrypt. It controls the number of iterations in the hashing process (iterations = 2^cost). A higher value makes hashing slower and significantly strengthens resistance against brute-force attacks. The industry-recommended range is typically between **10 and 12**.
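
The hash-string layout and cost factor described above can be checked in code. The following is an added example, not this tool's own implementation: it splits a stored BCrypt string into its version, cost, salt, and hash fields and flags hashes created below a minimum cost. The helper names (`parse_bcrypt`, `needs_rehash`) are hypothetical, and both sample strings are constructed placeholders, not real password hashes.

```python
import re
from typing import NamedTuple

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash>,
# with salt and hash in bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

class BcryptFields(NamedTuple):
    version: str
    cost: int
    salt: str
    digest: str

    @property
    def iterations(self) -> int:
        # Number of key-setup rounds: iterations = 2^cost
        return 2 ** self.cost

def parse_bcrypt(stored: str) -> BcryptFields:
    """Split a stored bcrypt string into its fields; reject anything else."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # range accepted by bcrypt implementations
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    return BcryptFields(m.group(1), cost, m.group(3), m.group(4))

def needs_rehash(stored: str, min_cost: int = 10) -> bool:
    """True when the hash was created below the current minimum cost."""
    return parse_bcrypt(stored).cost < min_cost

# Constructed sample strings (placeholder salt/hash characters).
LEGACY_HASH = "$2a$08$" + "S" * 22 + "H" * 31
CURRENT_HASH = "$2b$12$" + "S" * 22 + "H" * 31

if __name__ == "__main__":
    for h in (LEGACY_HASH, CURRENT_HASH):
        f = parse_bcrypt(h)
        print(f.version, f.cost, f.iterations, "rehash" if needs_rehash(h) else "ok")
```

Because the plaintext is only available at login, a hash flagged this way is normally regenerated at the higher cost right after the next successful password verification.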