Hash algorithms Vs bcrypt and which is better?

First of all I want to clear that bcrypt is not a hash algorithm. They're 2 different things, designed to be used for different tasks. There is no 'correct' answer to "is bcrypt encryption better than hash algorithms?" You might as well ask "are apples better than kangaroos?". Since bcrypt can be used in place of a hash algorithm to protect passwords, bcrypt is confusingly referred to as a "hash" algorithm itself. bcrypt is an algorithm that uses Blowfish internally. It is not an encryption algorithm itself. It is used to irreversibly obscure passwords, just as hash functions are used to do a "one-way hash".

video source: youtube

Yes, cryptographic hash algorithms (MD5, SHA1, SHA256, SHA512, SHA-3, etc) are only one way encryption technique so impossible to reverse. When user provides password for logging in, the alorithm encrypts it and compare with password stored in database. If both encrypted hashes match, user would be authenticated else not. In particular, because of the irreversibility of the hash function, it's assumed that the user isn't an attacker that got hold of the hash and reversed it to find a working password.

On the other hand, bcrypt uses Blowfish for encryption, using a key 'derived' from the password. It only stores cyphertext in database and never stores salt in database. Later, when user provides password, the key derived again and compare with stored cyphertext then the user will be authenticated. So, just like hash algorithms, bcrypt produces an irreversible output from a password, salt and stretches. To break this cryptography, an attcker would have to know the key from the cyphertext. This attack is known as 'known-plaintext', since the attacker knows the string that has been encrypted, but not the key used for it. Blowfish has been studied extensively, and no attacks are yet known that would allow an attacker to find the key with a single known plaintext.

So, my recommendation is to bcrypt stems from the assumptions

1. that a Blowfish has had a similar level of scrutiny as the SHA-2 family of hash functions, and
2. that cryptanalytic methods for ciphers are better developed than those for hash functions.

Let me know if you have some other or similar views.

Thanks to Erickson