Question 1

What is the work factor (cost) in bcrypt and what value should I use?

Accepted Answer

The work factor (also called cost or rounds) is a power of 2 that controls how many hashing iterations are performed. A higher value is slower but more secure. The recommended value is 12 for most web applications. Adjust it so hashing takes about 100-300ms on your hardware.

Question 2

Can I recover the original password from a bcrypt hash?

Accepted Answer

No. Bcrypt is a one-way hash function designed to be irreversible. To verify a password, you hash the candidate password with the same salt and compare the result. You can never extract the original password from the hash.

Question 3

Why does bcrypt produce a different hash every time for the same password?

Accepted Answer

Bcrypt automatically generates a random 128-bit salt and embeds it into the output hash string. This means two hashes of the same password will always differ, protecting against rainbow table attacks. The salt is stored as part of the hash, so verification still works.

Question 4

Is bcrypt better than SHA-256 for password storage?

Accepted Answer

Yes. SHA-256 is a general-purpose hash designed to be fast, making it vulnerable to GPU-accelerated brute-force attacks. Bcrypt is purpose-built for passwords: it's intentionally slow, has a built-in salt, and can be made slower over time by increasing the cost factor.

Question 5

What is the maximum password length bcrypt supports?

Accepted Answer

Bcrypt has a maximum input length of 72 bytes. Passwords longer than 72 bytes are silently truncated to 72 bytes, which can be a security concern for very long passwords. If you need to support longer passwords, pre-hash the password with SHA-256 before passing it to bcrypt.

PBKDF2 Hash Generator

Frequently Asked Questions

Code Implementation

Comments & Feedback