Facebook Pixel

How long does bcrypt take per round?

On a modern CPU: N=8 about 25ms, N=10 about 100ms, N=12 about 400ms, N=14 about 1.6s. Pick the value that balances security and UX for your app.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in bcrypt Salt Rounds Explained: How to Choose

10 for most apps (~100ms per hash). 12 for high-security apps (~400ms). 14+ is too slow for most apps. Each increment doubles the work, so the cost rises fast.

bcrypt.hash(password, N) runs the hash function 2^N times. N=10 means 1024 iterations. N=12 means 4096 iterations. Each increment doubles the work and the time.

A bcrypt hash looks like $2b$10$.... The 10 is the cost. You can read it with hash.split('$')[2]. Use this to detect old hashes that need rehashing with a higher cost.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.