bcrypt
bcrypt is a password hashing function designed to be computationally expensive, making brute-force attacks slow. It automatically includes a random salt and has a configurable work factor (cost) that can be increased as hardware becomes faster. bcrypt is the recommended default for password storage.
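The salt and the work factor described above are both stored inside the hash string itself, so a credential store can be audited for outdated costs without knowing any password. The sketch below is an added example, not code from this page; the `MIN_COST` floor of 12, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Modular crypt layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST = 12  # assumed policy floor, not a value from the page


def parse_bcrypt(stored):
    """Split a stored bcrypt string into variant, cost, salt and digest."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # bcrypt defines costs 4..31 only
        raise ValueError(f"cost {cost} outside bcrypt's 4..31 range")
    # Each +1 in cost doubles the key-setup rounds (2**cost).
    return {"variant": variant, "cost": cost, "salt": salt,
            "digest": digest, "rounds": 1 << cost}


def audit(records, min_cost=MIN_COST):
    """Sort (user, stored_hash) pairs into ok / rehash / malformed buckets."""
    report = {"ok": [], "rehash": [], "malformed": []}
    for user, stored in records:
        try:
            cost = parse_bcrypt(stored)["cost"]
        except ValueError:
            report["malformed"].append(user)
            continue
        report["rehash" if cost < min_cost else "ok"].append(user)
    return report


# Constructed sample rows: salt and digest are filler characters, not real hashes.
SAMPLE = [
    ("alice", "$2b$12$" + "a" * 22 + "b" * 31),
    ("bob", "$2a$10$" + "c" * 22 + "d" * 31),
    ("carol", "0" * 32),  # shape of an unsalted hex digest, not bcrypt
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts in the `rehash` bucket can only be upgraded at their next successful login, since that is the only moment the plaintext password is available to hash again at the higher cost.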
Related Terms
JWT
JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. JWTs are self-contained tokens composed of three Base64URL-encoded parts: header, payload, and signature. Widely used for authentication and API authorization.
OAuth
OAuth 2.0 is an authorization framework that allows applications to obtain limited access to user accounts on HTTP services. OAuth enables "Login with Google/GitHub" flows where a third-party app is granted access to specific user data without receiving the user's password.
API Key
An API key is a unique identifier string passed in requests to authenticate an application or user accessing an API. API keys are simpler than OAuth but provide less security — they are long-lived, not scoped per-user, and must be kept secret.
SSL/TLS
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide encrypted communication over the internet. TLS is used in HTTPS, email (SMTP/IMAP), VPNs, and any application requiring secure data transmission. SSL is deprecated; TLS 1.3 is current.