Simulate bcrypt hashing with configurable rounds and cost analysis. Part of the DevTools Surf developer suite.
Use Cases
Choose the right bcrypt cost factor for a given server's CPU budget
Verify that password hashing takes enough time to deter brute-force attacks
Demonstrate the relationship between cost factor and computation time
Compare bcrypt performance against Argon2 or scrypt for architecture decisions
Tips
OWASP's Password Storage Cheat Sheet recommends a bcrypt work factor of 10 or more; 12 is a common library default. Benchmark your server and pick the highest value whose hash time stays under your budget (500ms is a typical ceiling)
The simulator shows the time each cost factor takes in your browser. The ratios between costs carry over, but the absolute numbers do not: confirm them on the production CPU, under realistic login concurrency, before choosing a value
bcrypt only uses the first 72 bytes of the password; most implementations silently drop the rest (a few newer libraries reject longer input instead). If you need to support longer passwords, pre-hash with SHA-256 and feed bcrypt the hex or base64 encoding of the digest, not the raw bytes, since a raw digest can contain a NUL byte that C implementations treat as end of key
Fun Facts
bcrypt was designed by Niels Provos and David Mazières in 1999 and presented at that year's USENIX Annual Technical Conference. It was one of the first password hashing schemes with an adaptive cost factor, so the work per hash can be raised as hardware gets faster.
Many libraries default to cost factor 10 (2^10 = 1,024 iterations of the expensive key schedule); some default to 12. Cost factor 12 requires about 4x the compute of cost factor 10, and cost factor 14 about 16x: each increment of 1 doubles the work.
Despite being 25 years old, bcrypt remains widely recommended. Its key schedule repeatedly rewrites a 4 KB Blowfish state with data-dependent accesses, which maps poorly onto GPU hardware, so an attacker gets only thousands of bcrypt guesses per second per device. SHA-256, by contrast, can be computed billions of times per second on a commodity GPU, which makes it unsuitable as a password hash on its own.
FAQ
What cost factor should I use?
OWASP recommends a work factor of 10 or more; 12 is a common library default. Calibrate against your production server: a single hash should take roughly 150-500ms, and higher is better within that constraint. Remember that the server pays this cost on every login attempt, so size the budget for peak concurrent logins rather than a single request. The cost is stored in the hash string, so you can raise it later by re-hashing each user's password at their next successful login.
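The calibration procedure from the tips and this answer, as an added example (not the DevTools Surf tool's own code): walk the cost factor up or down until the measured time crosses the budget, and report the highest cost that fits. Real timings assume the pyca `bcrypt` package is installed; the search itself takes any timing function, so it can also be driven by a doubling model such as `synthetic_measure` below.

```python
"""Find the highest bcrypt cost factor that stays within a time budget.

Added example, not part of the DevTools Surf page. Real measurements
assume the pyca `bcrypt` package (pip install bcrypt).
"""
import time
from typing import Callable

# bcrypt's cost is the base-2 log of the key-schedule iteration count,
# so each increment should roughly double the measured time.
MIN_COST, MAX_COST = 4, 31  # range accepted by the bcrypt hash format


def measure_bcrypt_ms(cost: int, samples: int = 3,
                      password: bytes = b"correct horse battery staple") -> float:
    """Median wall-clock milliseconds for one bcrypt hash at `cost`."""
    import bcrypt  # imported lazily so calibration logic works without it
    timings = []
    for _ in range(samples):
        salt = bcrypt.gensalt(rounds=cost)
        t0 = time.perf_counter()
        bcrypt.hashpw(password, salt)
        timings.append((time.perf_counter() - t0) * 1000)
    timings.sort()
    return timings[len(timings) // 2]


def calibrate_cost(measure: Callable[[int], float], budget_ms: float,
                   start: int = 10) -> tuple[int, dict[int, float]]:
    """Return (highest cost whose time <= budget_ms, all timings taken).

    Walks upward from `start` while the budget allows, or downward if
    `start` is already too slow. Never goes below MIN_COST; if MIN_COST
    still exceeds the budget, the machine is too slow for that budget.
    """
    timings: dict[int, float] = {}
    cost = max(MIN_COST, min(MAX_COST, start))
    timings[cost] = measure(cost)
    if timings[cost] <= budget_ms:
        while cost < MAX_COST:
            timings[cost + 1] = measure(cost + 1)
            if timings[cost + 1] > budget_ms:
                break
            cost += 1
    else:
        while cost > MIN_COST:
            cost -= 1
            timings[cost] = measure(cost)
            if timings[cost] <= budget_ms:
                break
    return cost, timings


def synthetic_measure(cost: int, base_ms_at_min: float = 0.25) -> float:
    """Timing model that doubles per cost step (constructed stand-in for hardware)."""
    return base_ms_at_min * 2 ** (cost - MIN_COST)


if __name__ == "__main__":
    cost, timings = calibrate_cost(measure_bcrypt_ms, budget_ms=500)
    for c in sorted(timings):
        print(f"cost {c:2d}: {timings[c]:8.1f} ms")
    print(f"highest cost under 500 ms on this machine: {cost}")
```

Run it on the production hardware, not a laptop, and keep a few concurrent hashes in mind: if login peaks at 20 requests per second and a hash takes 250ms, the hashing alone occupies five cores.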
Why does bcrypt have a 72-byte password limit?
The limit comes from bcrypt's expensive key schedule, which XORs the password into Blowfish's 18-entry P-array of 32-bit words: 18 × 4 = 72 bytes, and anything after that never touches the cipher state. Most implementations silently truncate longer input (and many also stop at the first NUL byte); a few newer libraries reject passwords over 72 bytes instead, so check the behaviour of the one you use. For longer passwords, a common mitigation is to pre-hash the password with SHA-256 and bcrypt the hex (or base64) digest rather than the raw bytes, which could contain a NUL. Using HMAC-SHA-256 with a server-side secret instead of plain SHA-256 also stops an attacker from reusing SHA-256(password) values obtained from another breach.
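The pre-hashing mitigation from the tip and this answer as an added example, not code from the DevTools Surf tool: passwords are reduced to a NUL-free, fixed-length key before bcrypt sees them, optionally keyed with a server-side pepper, and a probe reports whether the installed bcrypt truncates or rejects a 73-byte input. The `hash_password`, `verify_password` and `truncation_behaviour` helpers assume the pyca `bcrypt` package; the pre-hash itself needs only the standard library.

```python
"""Pre-hash passwords so bcrypt's 72-byte key limit cannot drop tail bytes.

Added example, not part of the DevTools Surf page. The bcrypt calls
assume the pyca `bcrypt` package is installed.
"""
import base64
import hashlib
import hmac

BCRYPT_MAX_BYTES = 72


def prehash(password: str, pepper: bytes = b"") -> bytes:
    """Return a fixed-length, NUL-free key for bcrypt.

    A raw SHA-256 digest can contain 0x00, which C bcrypt implementations
    treat as the end of the key, so the digest is base64-encoded (44 bytes,
    well under 72). With a non-empty pepper this is HMAC-SHA-256, so a
    SHA-256(password) value leaked from another site cannot be replayed here.
    """
    data = password.encode("utf-8")
    if pepper:
        digest = hmac.new(pepper, data, hashlib.sha256).digest()
    else:
        digest = hashlib.sha256(data).digest()
    return base64.b64encode(digest)


def tail_collides(a: str, b: str) -> bool:
    """True if plain bcrypt would see identical input for passwords a and b."""
    return a.encode("utf-8")[:BCRYPT_MAX_BYTES] == b.encode("utf-8")[:BCRYPT_MAX_BYTES]


def hash_password(password: str, pepper: bytes = b"", rounds: int = 12) -> bytes:
    """bcrypt the pre-hashed password; store the returned string as-is."""
    import bcrypt  # assumption: pyca/bcrypt installed
    return bcrypt.hashpw(prehash(password, pepper), bcrypt.gensalt(rounds=rounds))


def verify_password(password: str, stored: bytes, pepper: bytes = b"") -> bool:
    """Check a login attempt against a hash produced by hash_password."""
    import bcrypt  # assumption: pyca/bcrypt installed
    return bcrypt.checkpw(prehash(password, pepper), stored)


def truncation_behaviour():
    """Probe how the installed bcrypt treats a 73-byte password.

    Returns 'truncates' if byte 73 is ignored, 'rejects' if the library
    raises on long input, 'distinct' if it somehow uses the full input,
    or None when bcrypt is not installed.
    """
    try:
        import bcrypt
    except ImportError:
        return None
    long_pw = b"A" * BCRYPT_MAX_BYTES + b"B"  # constructed 73-byte input
    try:
        h = bcrypt.hashpw(long_pw, bcrypt.gensalt(rounds=4))
    except ValueError:
        return "rejects"
    return "truncates" if bcrypt.checkpw(b"A" * BCRYPT_MAX_BYTES, h) else "distinct"


if __name__ == "__main__":
    p1, p2 = "a" * 72 + "1", "a" * 72 + "2"
    print("plain bcrypt would treat them as equal:", tail_collides(p1, p2))
    print("pre-hashes differ:", prehash(p1) != prehash(p2))
    print("installed bcrypt on 73 bytes:", truncation_behaviour())
```

If you add a pepper, keep it outside the database (an environment variable or KMS-backed secret) and plan for rotation: hashes made under the old pepper only verify with the old pepper, so rotation means re-hashing at each user's next login.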
Is bcrypt still recommended over Argon2?
For new systems, Argon2id is preferred: it is memory-hard, so attacks with GPUs or custom hardware cost far more per guess. bcrypt is still secure and widely supported, so existing bcrypt deployments do not need an urgent migration; new projects should start with Argon2id, and existing ones can upgrade opportunistically by re-hashing each user's password at their next successful login.