Question 1

What is bcrypt?

Accepted Answer

Bcrypt is a password-hashing function designed by Niels Provos and David Mazières in 1999. It is intentionally slow, with an adjustable cost factor (number of rounds), making brute-force attacks expensive. A bcrypt hash includes the algorithm version, cost, salt, and hash, so verification needs only the hash. Recommended cost is 10–12 for most apps.

Question 2

Common uses

Accepted Answer

User passwords — store bcrypt hashes, never plaintext.Migration — generate hashes when seeding test users.Cost tuning — benchmark hash time on your hardware.Auth debugging — verify a stored hash matches a known password.

Question 3

About the cost factor

Accepted Answer

Higher cost values are slower but more resistant to brute-force attacks. Pick the highest cost your server can afford on a login (typically 10 to 12).

Question 4

Note

Accepted Answer

This tool runs entirely in your browser. For production use, hash passwords on your server with a vetted bcrypt library.

Bcrypt Generator

What is bcrypt?

Note

About the cost factor

Privacy