diff --git a/package.json b/package.json
index 44ed1b8..134c5ea 100644
--- a/package.json
+++ b/package.json
@@ -7,6 +7,7 @@
 "start": "tsx src/server.ts"
 },
 "devDependencies": {
+ "@types/bcryptjs": "^2.4.6",
 "@types/bun": "^1.0.4",
 "tsx": "^4.7.0",
 "typescript": "^5.3.3"
@@ -18,6 +19,7 @@
 "@fastify/type-provider-typebox": "^4.0.0",
 "@fastify/websocket": "^10.0.1",
 "@sinclair/typebox": "^0.32.9",
+ "bcryptjs": "^2.4.3",
 "fastify": "^4.27.0",
 "nanoid": "^5.0.4",
 "sqlite3": "^5.1.7",
diff --git a/src/bcrypt.ts b/src/bcrypt.ts
new file mode 100644
index 0000000..9ba20a6
--- /dev/null
+++ b/src/bcrypt.ts
@@ -0,0 +1,18 @@
+import * as bcrypt from "bcryptjs";
+
+const saltRounds = 10; // Le nombre de tours de salage
+
+/* Fonction pour hasher le mot de passe */
+export async function hashPassword(password: string): Promise {
+ const hashedPassword = await bcrypt.hash(password, saltRounds);
+ return hashedPassword;
+}
+
+/* Fonction pour vérifier le mot de passe */
+export async function comparePassword(
+ plainPassword: string,
+ hashedPassword: string
+): Promise {
+ const isMatch = await bcrypt.compare(plainPassword, hashedPassword);
+ return isMatch;
+}
diff --git a/src/server.ts b/src/server.ts
index 4f79505..6504954 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -8,6 +8,7 @@ import { Pull, Push } from "zeromq";
 import { ChangeSet, Text } from "@codemirror/state";
 import { Update, rebaseUpdates } from "@codemirror/collab";
 import * as db from "./database";
+import { hashPassword } from "bcrypt";
 const sender = new Push();
 await sender.bind(`tcp://127.0.0.1:5557`);
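Review bot: In src/bcrypt.ts, `hashPassword` hands the password to `bcrypt.hash` with no length check, and bcrypt only uses the first 72 bytes of its input, so two long passphrases that share that prefix verify as the same password. Rejecting over-long input before hashing (or in the route schema) closes that, e.g. `if (Buffer.byteLength(password, "utf8") > 72) throw new Error("password too long");`. The cost factor is also fixed at `const saltRounds = 10`, and its comment calls it a number of salting rounds; it is the bcrypt work factor (2^10 iterations), which is worth reading from configuration so it can be raised without a code change.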
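Review bot: The added `import { hashPassword } from "bcrypt";` in src/server.ts uses a bare specifier, which resolves to an installed package named `bcrypt` rather than to the new src/bcrypt.ts; the neighbouring local import is written `"./database"`. Unless a path alias outside this diff maps it, the server either fails to load or binds to a third-party module that does not export `hashPassword`. It should read `import { hashPassword } from "./bcrypt";`, which also keeps the password-hashing import from depending on whatever package of that name ends up in node_modules.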
@@ -128,7 +129,9 @@ fastify.post(
 },
 async (request, reply) => {
 const { login, password, permissions } = request.body;
- if (!(await db.insertUser(database, login, password, permissions))) {
+ // Hasher le mot de passe avant de l'insérer dans la base de données (en type string)
+ const hashedPassword = (await hashPassword(password)) as string;
+ if (!(await db.insertUser(database, login, hashedPassword, permissions))) {
 reply.send({ success: false });
 } else {
 reply.send({ success: true });
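Review bot: Nothing in this diff moves credential verification onto `comparePassword`: src/server.ts imports only `hashPassword`, so any login path that still compares the submitted password with the stored column (not visible here) will stop matching once `insertUser` receives a hash, and rows written before this commit keep their plaintext value. The `as string` cast on `(await hashPassword(password))` should not be needed when the helper is declared to return `Promise<string>`; if the compiler demands it, the import is probably not resolving to the intended module, and the line can be `const hashedPassword = await hashPassword(password);`. A rejection from `hashPassword` is not caught in the part of the handler shown, so the client would get the framework's default error rather than `{ success: false }`. The handler continues outside the hunk.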