
Secure Password Storage with Hashing

Storing passwords in plain text is a major security vulnerability. This challenge asks you to implement a secure password hashing system in Python using the bcrypt library. This is crucial for protecting user credentials and preventing unauthorized access to sensitive data.

Problem Description

You are tasked with creating a Python function that securely hashes passwords using the bcrypt library. The function should take a password (string) as input and return a hashed password (string). The hashing process should include a salt, which is a randomly generated string added to the password before hashing, making it more resistant to attacks like rainbow table attacks. The function should also provide a way to verify a given password against a previously hashed password.

What needs to be achieved:

  1. Implement a function hash_password(password) that takes a password string as input and returns a securely hashed password string.
  2. Implement a function verify_password(password, hashed_password) that takes a password string and a hashed password string as input and returns True if the password matches the hashed password, and False otherwise.

Key Requirements:

  • Use the bcrypt library for hashing and verification. You'll need to install it: pip install bcrypt
  • The hash_password function must generate a unique salt for each password.
  • The verify_password function must correctly compare the provided password against the stored hashed password, taking the salt into account.
  • Handle potential errors gracefully (e.g., if the bcrypt library is not installed).

Expected Behavior:

  • hash_password("mysecretpassword") should return a string representing the bcrypt hash of "mysecretpassword". The returned string will be different each time you run it due to the random salt.
  • verify_password("mysecretpassword", hash_password("mysecretpassword")) should return True.
  • verify_password("wrongpassword", hash_password("mysecretpassword")) should return False.

Edge Cases to Consider:

  • Empty password strings.
  • Very long password strings.
  • Handling potential ImportError if the bcrypt library is not installed.

Examples

Example 1:

Input: password = "password123"
Output: hashed_password = "$2b$12$xxxxxxxxxxxxxxxxxxxxxxxxxxx" (where 'x' represents random characters)
Explanation: The function generates a salt, combines it with the password, and hashes the result using bcrypt with a cost factor of 12. The output is a string representing the bcrypt hash.

Example 2:

Input: password = "anothersecret"
hashed_password = "$2b$12$yyyyyyyyyyyyyyyyyyyyyyyyyyy" (where 'y' represents random characters)
Output: True
Explanation: The verify_password function uses the stored hash and the provided password to re-hash the password with the same salt and compares the result. Since the password matches, it returns True.

Example 3: (Edge Case)

Input: password = ""
Output: hashed_password = "$2b$12$xxxxxxxxxxxxxxxxxxxxxxxxxxx" (where 'x' represents random characters)
Explanation: Even an empty password should be hashed securely.

Constraints

  • The cost factor for bcrypt hashing should be at least 12. Higher cost factors increase security but also increase computation time.
  • The input password and hashed password strings should be standard UTF-8 encoded strings.
  • The functions should be reasonably efficient for typical password lengths (up to 64 characters).
  • If the bcrypt library is not installed, the hash_password function should raise an ImportError with a helpful message.

Notes

  • The bcrypt library automatically handles salt generation and storage within the hashed password string.
  • Focus on using the bcrypt library correctly to achieve secure password hashing and verification.
  • Consider error handling to make your code more robust.
  • Remember that the goal is to protect user passwords from unauthorized access.
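A complete implementation of the two functions described above, added here as a worked example; it is not part of the Hone challenge text or any reference solution. It assumes the bcrypt package is installed (pip install bcrypt) and keeps the module importable when it is not, so hash_password can raise the ImportError with a helpful message that the constraints ask for. The helper names bcrypt_available, _require_bcrypt and _to_bytes, the BCRYPT_ROUNDS and BCRYPT_MAX_BYTES constants, and the decision to reject passwords longer than 72 bytes are this example's own choices: bcrypt only uses the first 72 bytes of its input, and older library versions truncate silently, so the example refuses such input instead of hashing a shortened password.

```python
"""Salted password hashing with bcrypt, plus verification.

The string bcrypt returns ("$2b$12$<22-char salt><31-char hash>") already
carries the algorithm version, the cost factor and the salt, so nothing has
to be stored beside it: verification reads the salt and cost back out of
the stored string and re-runs the same computation.
"""
from __future__ import annotations

try:
    import bcrypt
except ImportError:  # stay importable; callers get a clear error when they hash
    bcrypt = None

# Cost factor: 2**12 iterations of the key schedule (the challenge minimum).
BCRYPT_ROUNDS = 12
# bcrypt uses only the first 72 bytes of its input; older versions truncate silently.
# Limit chosen for this example so that no part of a password is ever ignored.
BCRYPT_MAX_BYTES = 72


def bcrypt_available() -> bool:
    """True when the bcrypt library could be imported (example helper)."""
    return bcrypt is not None


def _require_bcrypt() -> None:
    """Raise the helpful ImportError the challenge asks for when bcrypt is missing."""
    if bcrypt is None:
        raise ImportError(
            "The 'bcrypt' library is required for password hashing. "
            "Install it with: pip install bcrypt"
        )


def _to_bytes(password: str) -> bytes:
    """UTF-8 encode the password and reject input bcrypt would truncate."""
    if not isinstance(password, str):
        raise TypeError("password must be a str")
    data = password.encode("utf-8")
    if len(data) > BCRYPT_MAX_BYTES:
        raise ValueError(f"password exceeds bcrypt's {BCRYPT_MAX_BYTES}-byte limit")
    return data


def hash_password(password: str) -> str:
    """Return a bcrypt hash string with a fresh random salt (different on every call)."""
    _require_bcrypt()
    # gensalt draws 16 random bytes and embeds the cost factor in the salt string,
    # so the salt is unique per password and travels inside the returned hash.
    salt = bcrypt.gensalt(rounds=BCRYPT_ROUNDS)
    return bcrypt.hashpw(_to_bytes(password), salt).decode("ascii")


def verify_password(password: str, hashed_password: str) -> bool:
    """Re-hash `password` with the salt stored in `hashed_password` and compare.

    bcrypt.checkpw performs the comparison in constant time. Malformed or
    non-bcrypt hash strings, and over-long passwords, verify as False rather
    than raising, so a caller sees a single failure path.
    """
    _require_bcrypt()
    try:
        return bcrypt.checkpw(_to_bytes(password), hashed_password.encode("ascii"))
    except ValueError:
        # Covers "Invalid salt" from bcrypt, the 72-byte check above, and a
        # hash string that is not ASCII (UnicodeEncodeError is a ValueError).
        return False


if __name__ == "__main__":
    stored = hash_password("mysecretpassword")
    print(stored)                                                     # "$2b$12$..." differs on every run
    print(verify_password("mysecretpassword", stored))                # True
    print(verify_password("wrongpassword", stored))                   # False
    print(verify_password("mysecretpassword", "not-a-bcrypt-hash"))   # False
    print(verify_password("", hash_password("")))                     # True (empty passwords hash fine)
```

Every call to hash_password yields a different 60-character string for the same input because the salt changes, which is the behaviour the Expected Behavior section describes; verify_password never needs the salt passed separately. If an application must accept passwords longer than 72 bytes, the usual approach is to pre-hash them with a fixed-length digest before bcrypt; that is a deliberate design change and is left out here to keep the output in the plain bcrypt format the challenge expects.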