bcrypt Hash Generator & Verification

What is bcrypt?

bcrypt is a password hashing function specifically designed for secure password storage. It is intentionally slow and resistant to brute-force attacks. Unlike fast hashing algorithms such as MD5 or SHA, bcrypt includes a built-in salt and a configurable cost factor to increase computational effort.

bcrypt Cost Factor (Work Factor)

The cost factor, also known as the work factor, determines how many rounds of key expansion are applied during hashing. Each increment of the cost factor doubles the computation time, making large-scale brute-force attacks significantly more expensive.

$2b$10$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

In the example above, the value 10 represents the cost factor. Higher values improve security but also increase CPU usage.

bcrypt Variants

• $2a$ – Original bcrypt implementation, maintained for legacy compatibility
• $2x$ – Historical variant containing a sign-extension bug (deprecated and insecure)
• $2y$ – Corrected version of $2x$, commonly used in PHP environments
• $2b$ – Modern and recommended variant for new applications

Why bcrypt is Better Than MD5

• Adaptive and configurable cost factor
• Automatic per-hash salt generation
• Strong resistance to rainbow table attacks
• Designed specifically for password hashing

✔ Recommended for secure password storage

✖ MD5 should never be used for password hashing