
About

Bcrypt is an adaptive, computationally expensive key derivation function (KDF) designed specifically for password hashing. Derived from the Blowfish block cipher, its primary defense mechanism is deliberate slowness. Unlike fast digest algorithms such as MD5 or SHA-256, bcrypt intentionally limits execution speed through a configurable logarithmic work factor. This time cost inflates exponentially, with each increment of the work factor, the resources an adversary needs for offline dictionary or brute-force attacks on parallel GPU pipelines.

Every generated hash embeds its own 128-bit salt drawn from a cryptographically secure pseudo-random generator. This eliminates the threat of pre-computed rainbow tables by ensuring that identical plaintext inputs produce different hash outputs. Proper deployment of bcrypt requires balancing the cost factor against the concurrency limits of the infrastructure; a typical target is 200 to 500 milliseconds per verification operation, which maximizes the attacker's cost without degrading server response latency.


Formulas

The bcrypt algorithm outputs a 60-character modular crypt string made up of four fields. Because the string carries its own evaluation parameters, a verifier needs no external configuration database to check a password against it.

$<Version>$<Cost>$<Salt><Checksum>

Parameter specifications:

  • Version: The algorithm revision identifier (e.g., 2a, 2b, 2y). Modern implementations default to 2b.
  • Cost: A base-2 logarithmic work factor dictating the number of iterations of the Blowfish key schedule, calculated as Iterations = 2^Cost.
  • Salt: 16 bytes of random data from a cryptographically secure generator, encoded via bcrypt's custom Base64 alphabet into exactly 22 characters.
  • Checksum: 24 bytes of the resulting final hash output, Base64-encoded into exactly 31 characters.

Reference Data

Cost Factor | Key Expansion Rounds | Relative Execution Latency (1 Core) | Security Classification
----------- | -------------------- | ----------------------------------- | -------------------------------------
04          | 16                   | < 1 ms                              | Severely Vulnerable (Testing only)
08          | 256                  | ~ 2 ms                              | Insufficient for Production
10          | 1,024                | ~ 10 ms                             | Legacy Minimum standard
12          | 4,096                | ~ 150 ms                            | Standard Practice (Current Default)
13          | 8,192                | ~ 300 ms                            | High Security baseline
14          | 16,384               | ~ 600 ms                            | Enterprise Security limit
15          | 32,768               | ~ 1.2 s                             | Extreme Security
16          | 65,536               | ~ 2.5 s                             | Maximum Practical Web Limit

Frequently Asked Questions

Bcrypt imposes a strict limit of 72 bytes on plaintext input, a direct result of the 448-bit state constraints of the Blowfish block cipher. Passwords exceeding this threshold are silently truncated before hashing, so two passwords that differ only after byte 72 produce the same hash. The usual mitigation for handling longer inputs is to pre-hash them with SHA-256 or SHA-512 before passing the result to the bcrypt algorithm.
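
The following example, added here and not part of this page's tool, shows both points above in code: it parses the $Version$Cost$Salt+Checksum string into its fields (decoding the 22-character salt with bcrypt's own Base64 alphabet), exposes the 72-byte truncation, and applies the SHA-256 pre-hash, Base64-encoding the digest so the bcrypt input is a fixed 44 bytes and contains no NUL byte. The hash string used is constructed for illustration, not a real bcrypt output, and no bcrypt library is required.

```python
import base64
import hashlib
import re

# bcrypt's own Base64 alphabet (not RFC 4648), with no padding characters.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BCRYPT_MAX_INPUT = 72  # bytes the key schedule consumes; anything beyond is dropped

# $<version>$<cost>$<22-char salt><31-char checksum>, 60 characters in total
_HASH_RE = re.compile(r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def bcrypt_b64decode(text: str, nbytes: int) -> bytes:
    """Unpack 6-bit symbols MSB-first and keep the first nbytes bytes."""
    acc = 0
    for ch in text:
        acc = (acc << 6) | BCRYPT_ALPHABET.index(ch)
    acc >>= 6 * len(text) - 8 * nbytes  # discard the trailing pad bits
    return acc.to_bytes(nbytes, "big")

def parse_bcrypt_hash(hash_str: str) -> dict:
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    match = _HASH_RE.match(hash_str)
    if match is None:
        raise ValueError("not a well-formed bcrypt hash")
    version, cost_str, salt_b64, checksum_b64 = match.groups()
    cost = int(cost_str)
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} outside the valid range 4..31")
    return {
        "version": version,
        "cost": cost,
        "iterations": 2 ** cost,                 # key-schedule rounds = 2^cost
        "salt": bcrypt_b64decode(salt_b64, 16),  # 22 chars -> 16 bytes
        "checksum_b64": checksum_b64,
    }

def effective_bcrypt_input(password: bytes) -> bytes:
    """What bcrypt actually hashes: the input silently truncated at 72 bytes."""
    return password[:BCRYPT_MAX_INPUT]

def prehash_for_bcrypt(password: bytes) -> bytes:
    """SHA-256 then Base64: a fixed 44-byte input that is never truncated and
    contains no NUL byte (a raw digest could, and some bcrypt builds treat
    NUL as a string terminator)."""
    return base64.b64encode(hashlib.sha256(password).digest())

# Constructed sample, not a real hash: cost 12, salt of 22 'A's, dummy checksum.
SAMPLE_HASH = "$2b$12$" + "A" * 22 + "." * 31
```
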
Cryptographic latency is a deliberate security feature that resists the effects of Moore's Law. By enforcing a hard computational delay configured through the Cost Factor, bcrypt multiplies the time and electricity required for bulk guessing, making massively parallel brute-force attacks on GPU and ASIC arrays economically prohibitive for adversaries.

The Cost Factor operates on a base-2 logarithmic scale. A cost of 10 dictates 2^10 (1,024) calculation rounds. Increasing the value by exactly 1 doubles the computational time and CPU cycles required for both generation and verification.

These are historical algorithm revisions. Version 2a was the initial standardization but suffered from a minor 8-bit wrapping flaw when handling certain non-ASCII characters. Version 2y was introduced strictly within the PHP ecosystem to mark hashes produced without that flaw. Version 2b is the current, universally accepted standard correcting the legacy padding anomalies.