Hash and compare text strings using bcrypt. Bcrypt is a password-hashing function based on the Blowfish cipher.
Bcrypt is a password-hashing algorithm designed to be intentionally slow to resist brute-force attacks. It uses a salt to protect against rainbow table attacks.
The cost factor controls how many hashing rounds are performed. Increasing it by 1 doubles the computation time.
A cost factor of 10–12 is recommended. Higher values increase security but slow down hashing. The 2024 recommendation is at least 10 for production, and 12 for high-security scenarios. This tool defaults to 10. Test your target server to ensure hashing completes within an acceptable time (ideally under 300 ms).
Bcrypt is designed to be extremely resistant to brute-force attacks. A high cost factor means each attempt takes a long time, even with GPU clusters. As long as the cost factor is high enough (>=10) and the password is sufficiently complex, bcrypt is practically uncrackable in real-world scenarios.
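The cost factor and salt are stored inside every bcrypt hash string, so existing hashes can be checked against the minimum of 10 given above. The following is an added example, not this tool's code: the function names, the audit policy and the sample rows are assumptions made for illustration.

```python
import re

# Modular crypt format emitted by bcrypt implementations:
#   $<version>$<2-digit cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST = 10  # production minimum stated above, used here as audit policy


def parse_bcrypt(hash_str):
    """Split a bcrypt hash string into its fields; ValueError if malformed."""
    m = BCRYPT_RE.fullmatch(hash_str)
    if not m:
        raise ValueError("not a bcrypt hash string")
    version, cost_txt, salt, digest = m.groups()
    cost = int(cost_txt)
    if not 4 <= cost <= 31:  # range bcrypt implementations accept
        raise ValueError(f"cost {cost} outside 4..31")
    # The work is 2**cost key-setup iterations, so +1 cost doubles the time.
    return {"version": version, "cost": cost, "rounds": 2 ** cost,
            "salt": salt, "digest": digest}


def audit(records, min_cost=MIN_COST):
    """Return (user, reason) pairs for hashes that should be re-hashed."""
    findings = []
    for user, hash_str in records:
        try:
            info = parse_bcrypt(hash_str)
        except ValueError as exc:
            findings.append((user, f"unparseable: {exc}"))
            continue
        if info["cost"] < min_cost:
            findings.append((user, f"cost {info['cost']} below {min_cost}"))
    return findings


# Constructed sample rows: format-valid placeholders, not real bcrypt output.
SAMPLE = [
    ("alice", "$2b$12$" + "A" * 22 + "B" * 31),
    ("bob", "$2a$08$" + "C" * 22 + "D" * 31),
    ("carol", "0123456789abcdef" * 2),  # constructed 32-hex legacy value
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE):
        print(f"{user}: {reason}")
```

Accounts flagged by `audit` can be re-hashed at the target cost the next time the user logs in, since that is the only moment the plaintext password is available.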