
bcrypt Password Hashing: Why Slowness is a Feature (Node.js, Python, PHP)
Password hashing isn't just encoding — it's deliberately making attacks expensive. Here's why bcrypt is still the go-to choice in 2026.

The bcrypt Hash Format

A bcrypt hash looks like this:

    $2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewEjuBTZxN6TKT.O

Breaking it down:

- $2b$ — bcrypt algorithm version
- 12 — cost factor (2^12 = 4096 iterations)
- Next 22 chars — base64-encoded salt
- Final 31 chars — base64-encoded hash

Cost Factor / Salt Rounds

The cost factor determines how slow the hashing is:

    Cost   Iterations   Approx. Time   Use Case
    10     1,024        ~100ms         Web apps (default)
    12     4,096        ~400ms         High security
    14     16,384       ~1.5s          Banking/Healthcare

Higher cost = slower attacks. A GPU can do billions of MD5 hashes per second but only thousands of bcrypt hashes.

Node.js Implementation

    const bcrypt = require('bcrypt');
    // or: const bcrypt = require('bcryptjs'); // pure JS, no native deps

    const SALT_ROUNDS = 12;

    // Hash a password
    async function hashPassword(plaintext) {
      return await bcrypt.hash(plaintext, SALT_ROUNDS);
    }
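
The hash layout and cost factor described above can be checked in code. This is an added example, not code from the original article or from the bcrypt library: it parses a stored hash into its fields and flags hashes stored below a minimum cost so they can be re-hashed at the next successful login. `parseBcryptHash`, `needsRehash` and `MIN_COST` are hypothetical names, and the minimum of 12 is an assumed policy value.

```javascript
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;
const MIN_COST = 12; // assumed policy value ("High security" row of the table)

// Split a bcrypt hash string into its fields; returns null if it is malformed.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null; // wrong length, wrong alphabet or missing field
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt defines costs 4..31 only
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost, // 2^cost, as in the breakdown above
    salt: m[3],
    digest: m[4],
  };
}

// True when a stored hash should be replaced with a stronger one.
function needsRehash(hash, minCost = MIN_COST) {
  const parsed = parseBcryptHash(hash);
  if (!parsed) return true; // not a well-formed bcrypt hash: treat as legacy
  return parsed.cost < minCost;
}

// Hash string shown in the article
const SAMPLE = '$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewEjuBTZxN6TKT.O';
// Constructed variant: same salt and hash characters with the cost field set to 10
const SAMPLE_COST10 = '$2b$10$' + SAMPLE.slice(7);

console.log(parseBcryptHash(SAMPLE));
console.log(needsRehash(SAMPLE), needsRehash(SAMPLE_COST10));
```

Because the cost is stored inside each hash, raising the policy value does not invalidate existing hashes; they still verify and can be upgraded one login at a time.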


