While «bcrypt» is generally considered safe — meaning, hackers who gain
access to databases containing these
passwords can't
access them in
plaintext — it is prone to implementation mistakes, as Ashley Madison users discovered during its 2015 breach.