Bcrypt Cost Factor — Benchmark · OWASP Guide · Choose Right Rounds

Adjustable cost factor · Password strength meter · Benchmark · Verify mode · Code snippets · 100% browser-side


The bcrypt cost factor (work factor) controls how slow hashing is. A higher cost makes hashes harder to brute-force but also makes every login slower. OWASP recommends tuning the cost so one hash takes 100-300ms on your production server. Run the benchmark to find the right cost for your hardware; cost 12 is right for most modern servers.

What is Bcrypt?

Bcrypt is a password hashing algorithm designed by Niels Provos and David Mazières in 1999. Unlike general-purpose hash functions such as MD5 or SHA-256, bcrypt is intentionally computationally expensive. Its configurable cost factor ensures that hashing always takes a significant amount of time, which makes brute-force and dictionary attacks impractical even with modern GPU hardware.

Choosing the Right Cost Factor

The cost factor (work factor) controls how slow bcrypt is. Cost 12 means 2^12 = 4,096 internal rounds, and each increment of the cost doubles the hashing time. The OWASP recommendation is to target 100–300ms of hashing time on your production server. Cost 12 is typically right for modern hardware; run the benchmark to find the right value for your specific server.

Frequently Asked Questions

What is the bcrypt cost factor?

The cost factor (also called work factor or rounds) is an exponent — cost N means 2^N internal iterations. Cost 12 = 4,096 iterations. Cost 13 = 8,192 iterations (double the time). Each increment of 1 doubles hashing time.

What cost factor does OWASP recommend?

OWASP recommends a minimum cost factor of 10 as of 2023, and suggests choosing a factor that makes hashing take 100-300ms on your specific production hardware. Modern servers can often handle cost 12-13 within this range.

Should I upgrade cost factor for existing hashes?

Yes. When a user logs in successfully, check whether the stored hash needs rehashing (password_needs_rehash() in PHP, or compare its cost factor to your current target). If it does, hash the plaintext password that was just verified with the new cost and replace the stored hash in the database.
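The two procedures above (benchmarking to pick a cost, then upgrading weak hashes on login) implemented in Python, as an added example that is not part of this tool's own code. It assumes a hash function takes a cost and runs one real bcrypt hash; the pure parsing and policy functions depend only on the standard library, and the demo under `__main__` assumes the third-party `bcrypt` package. The sample hash is only used for its format.

```python
import re
import time
from dataclasses import dataclass
from typing import Callable

# Modular-crypt layout of a bcrypt hash: $2a|2b|2y$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# Sample bcrypt string (cost 10), used here only to exercise the parser, not as a known password.
SAMPLE_HASH = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"

@dataclass(frozen=True)
class BcryptHash:
    version: str
    cost: int
    salt: str
    digest: str

def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields; raise ValueError if it is not bcrypt."""
    m = _BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt hash")
    version, cost, salt, digest = m.groups()
    return BcryptHash(version, int(cost), salt, digest)

def needs_rehash(stored: str, target_cost: int) -> bool:
    """Rehash when the stored cost is below the current target.
    A value that is not bcrypt at all (e.g. a legacy unsalted hash) also needs rehashing."""
    try:
        return parse_bcrypt(stored).cost < target_cost
    except ValueError:
        return True

def choose_cost(hash_at_cost: Callable[[int], object], low_ms: float = 100, high_ms: float = 300,
                min_cost: int = 10, max_cost: int = 18) -> int:
    """Benchmark: lowest cost >= min_cost whose single hash lands in [low_ms, high_ms].
    Never returns below min_cost (OWASP floor); stops early once a cost exceeds high_ms."""
    chosen = min_cost
    for cost in range(min_cost, max_cost + 1):
        start = time.perf_counter()
        hash_at_cost(cost)                       # one real hash at this cost
        elapsed_ms = (time.perf_counter() - start) * 1000
        if elapsed_ms > high_ms:
            break                                # previous cost (or the floor) is the answer
        chosen = cost
        if elapsed_ms >= low_ms:
            break                                # inside the target window
    return chosen

if __name__ == "__main__":
    import bcrypt  # third-party package (pip install bcrypt), only needed for this live demo
    cost = choose_cost(lambda c: bcrypt.hashpw(b"benchmark", bcrypt.gensalt(rounds=c)))
    print("cost for this machine:", cost)
    old = bcrypt.hashpw(b"correct horse", bcrypt.gensalt(rounds=10))   # legacy cost-10 hash
    if bcrypt.checkpw(b"correct horse", old) and needs_rehash(old.decode(), cost):
        new = bcrypt.hashpw(b"correct horse", bcrypt.gensalt(rounds=cost))
        print("upgraded cost", parse_bcrypt(old.decode()).cost, "->", parse_bcrypt(new.decode()).cost)
```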

What cost factor do major frameworks use by default?

Django: 14 (configurable). Laravel: 12 (configurable). Spring Security: 10 (configurable). Rails (Devise): 12 (configurable). Most frameworks default to cost 10-12 and allow configuration.

Can I decrease the cost factor?

You can change the cost for new hashes, but existing hashes keep the cost they were created with. If you need faster hashing (e.g., for a high-traffic API), consider cost 10 combined with rate limiting rather than decreasing below 10. Never use a cost below 8 in production.