
What is Bcrypt and How to Hash Passwords Securely

Security & Hashing, 15 February 2026

    Learn what bcrypt is, why it's the gold standard for password hashing, and how to hash and verify passwords securely in your application.

    Storing passwords is one of the most security-critical tasks any developer faces. Get it wrong and a single database breach exposes every user's password to attackers. Get it right and even a full database dump leaves attackers grinding through each hash individually and slowly, with only the weakest passwords at real risk. The long-standing gold standard for getting it right is bcrypt, and this guide explains exactly what it is, how it works, and how to use it.

    What is Bcrypt?

    Bcrypt is a password hashing function designed by Niels Provos and David Mazières and presented at USENIX in 1999. It is built on the key schedule of the Blowfish block cipher, which is expensive to set up by design. Unlike general-purpose hash functions such as MD5 or SHA256, which are designed to be as fast as possible, bcrypt was deliberately designed to be slow and computationally expensive, and to let you make it slower as hardware improves. That slowness is a feature, not a bug.

    A bcrypt hash looks like this: $2b$12$KIXuG5.U5oCGYAEp/LKjGuZEJSTvomBQEpP7MLwzaYT/2sRIikIim

    The 60-character string encodes four pieces of information: the algorithm version ($2b$; $2a$ and PHP's $2y$ also occur), the cost factor (12, meaning 2^12 = 4,096 iterations of the expensive key setup), a 22-character salt (128 random bits) and a 31-character hash (184 bits). Salt and hash are concatenated with no separator and written in bcrypt's own base64 alphabet (./A-Za-z0-9, not the standard one).
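    To make that layout concrete, here is a small parser for the string. It is an added example written for this article, not code from bcrypt or from any library; it depends only on the Python standard library and uses the hash shown above as its sample input. parse_bcrypt, BcryptHash and key_setup_iterations are names chosen for this illustration.

```python
import re
from dataclasses import dataclass

# bcrypt uses its own base64 alphabet (./A-Za-z0-9), not RFC 4648, and no padding.
_B64 = r"[./A-Za-z0-9]"
# $<version>$<cost>$<22-char salt><31-char digest>  (60 characters in total)
_BCRYPT_RE = re.compile(
    r"^\$(?P<version>2[abxy]?)\$(?P<cost>\d\d)\$"
    r"(?P<salt>" + _B64 + r"{22})(?P<digest>" + _B64 + r"{31})$"
)


@dataclass(frozen=True)
class BcryptHash:
    version: str  # "2b" today; "2a", "2x", "2y" (PHP) and the original "2" also exist
    cost: int     # log2 of the number of expensive key-setup iterations
    salt: str     # 22 chars = 128 random bits (plus 4 bits of padding)
    digest: str   # 31 chars = 184 bits of Blowfish output


def parse_bcrypt(encoded: str) -> BcryptHash:
    """Split a bcrypt string into its fields; raise ValueError for anything else
    (an MD5/SHA hex digest, a truncated row, a different $id$ scheme)."""
    m = _BCRYPT_RE.match(encoded)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group("cost"))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's valid range 4..31")
    return BcryptHash(m.group("version"), cost, m.group("salt"), m.group("digest"))


def key_setup_iterations(h: BcryptHash) -> int:
    """Each cost step doubles the work: 2**cost iterations of the EksBlowfish setup."""
    return 2 ** h.cost


if __name__ == "__main__":
    # Sample input: the example hash quoted in the article above.
    h = parse_bcrypt("$2b$12$KIXuG5.U5oCGYAEp/LKjGuZEJSTvomBQEpP7MLwzaYT/2sRIikIim")
    print(h.version, h.cost, h.salt, h.digest)
    print(key_setup_iterations(h))  # 4096
```

    A parser like this is also the right place to reject rows that are not bcrypt at all: a legacy MD5 column that was never migrated will fail here instead of failing later inside the verify call.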

    Why Not Just Use MD5 or SHA256?

    MD5 and SHA256 are designed for speed. A modern GPU can compute billions of MD5 or SHA256 hashes per second. This means an attacker with a breached database can run a brute-force or dictionary attack against every password hash simultaneously at massive speed.

    Bcrypt, by contrast, is intentionally slow. With a cost factor of 12, a single hash takes roughly 250 to 400 ms on current server hardware. That makes offline cracking orders of magnitude more expensive: a rig that tests billions of SHA256 candidates per second manages only thousands of bcrypt candidates per second at cost 12, and a CPU manages a few hundred. Large-scale cracking of anything but the weakest passwords becomes impractical. The caveat is that the most common passwords still fall quickly: bcrypt protects decent passwords, it does not make "123456" safe.

    The Cost Factor (Work Factor)

    The cost factor (also called the work factor or rounds) controls how computationally expensive each hash operation is. The bcrypt cost is exponential: each increment doubles the time required.

    • Cost 10: ~65ms per hash (the minimum recommended for web apps)
    • Cost 12: ~250ms per hash (commonly used default, good balance)
    • Cost 14: ~1 second per hash (very strong, may affect UX on login)

    OWASP recommends a work factor of at least 10 for bcrypt, tuned upward as high as your login latency budget and server load tolerate. Calibrate it by timing a hash on the hardware that will actually serve logins, not on a developer laptop. As hardware gets faster, raise the cost and rehash each user's password the next time they log in; that is the only moment you hold the plaintext. The current cost is readable from the stored hash string, so the upgrade check itself is cheap.

    Automatic Salting

    One of bcrypt's best features is that it automatically generates and embeds a unique salt into every hash. A salt is a random value added to the password before hashing, ensuring that even two users with identical passwords get completely different hashes.

    This defeats rainbow table attacks, which rely on precomputed tables of password-to-hash mappings. Since every bcrypt hash carries its own unique 128-bit salt, attackers cannot use precomputed tables and must brute-force each hash individually; identical passwords can no longer be spotted by identical hashes either.

    With MD5 or SHA256 (without manual salting), a rainbow table can crack common passwords in milliseconds. With bcrypt's automatic salting, that attack vector is completely eliminated.

    How to Hash a Password with Bcrypt

    Try our free Bcrypt Generator to hash any string instantly and verify bcrypt hashes:

    1. Go to the Bcrypt Generator tool
    2. Enter the password or string you want to hash
    3. Select a cost factor (12 is the recommended default)
    4. Click Generate and your bcrypt hash is ready instantly
    5. Use the Verify section to check if a plain-text password matches a bcrypt hash

    Bcrypt in Code

    Every major language has bcrypt support. Two caveats apply to all of them: bcrypt only uses the first 72 bytes of the password (older libraries silently truncate longer input and some newer ones reject it, so check the length yourself), and the cost argument is the log2 work factor, not an iteration count.

    • PHP: password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]) and password_verify($input, $hash)
    • Node.js: bcrypt.hash(password, 12) via the bcrypt or bcryptjs npm package
    • Python: bcrypt.hashpw(password, bcrypt.gensalt(rounds=12)) via the bcrypt PyPI package
    • Java: Spring Security's BCryptPasswordEncoder
    • Ruby: BCrypt::Password.create(password, cost: 12) via the bcrypt gem

    Bcrypt vs Argon2 vs PBKDF2

    Bcrypt is excellent but not the only secure option:

    • Bcrypt: proven, widely supported, 25+ years of real-world use. Its working state is only about 4 KB (the Blowfish S-boxes), which gives some GPU resistance but far less than Argon2. The safe choice for most applications
    • Argon2id: winner of the 2015 Password Hashing Competition. More modern and memory-hard, so it resists GPU and ASIC attacks much better. OWASP's first recommendation for new systems
    • PBKDF2: specified by NIST (SP 800-132) and usable in FIPS-validated environments. Not memory-hard at all, so it needs very high iteration counts; chosen mainly where compliance requires it

    All three are vastly superior to MD5 or SHA256 for password storage. If you're starting a new project, Argon2id is the modern choice; if you need broad library support, bcrypt is the safe, proven option.

    Common Password Security Mistakes to Avoid

    • Never store plain-text passwords. Ever. If your database is breached, plain-text passwords are immediately exposed
    • Never use MD5 or SHA256 for passwords, even with a salt. They are too fast: attackers can crack millions of hashes per second
    • Never encrypt passwords. Encryption is reversible; hashing is not. If your encryption key is exposed, all passwords are exposed
    • Never use a static global salt. Every password must have its own unique salt (bcrypt handles this automatically)


    Written by ToolSparkr Team