How long does bcrypt take per round?
On a modern CPU: N=8 about 25ms, N=10 about 100ms, N=12 about 400ms, N=14 about 1.6s. Pick the value that balances security and UX for your app.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in bcrypt Salt Rounds Explained: How to Choose
10 for most apps (~100ms per hash). 12 for high-security apps (~400ms). 14+ is too slow for most apps. Each increment doubles the work, so the cost rises fast.
bcrypt.hash(password, N) runs the hash function 2^N times. N=10 means 1024 iterations. N=12 means 4096 iterations. Each increment doubles the work and the time.
A bcrypt hash looks like $2b$10$.... The 10 is the cost. You can read it with hash.split('$')[2]. Use this to detect old hashes that need rehashing with a higher cost.
Still have questions?
Browse all our FAQs or reach out to our support team
