Facebook Pixel

bcrypt vs Other Password Hashing Algorithms

bcrypt, argon2, scrypt, PBKDF2: which should you use? Here is the comparison.

bcrypt vs Other Password Hashing Algorithms

bcrypt is the common choice, but it is not the only one. Here is how it compares to argon2, scrypt, and PBKDF2.

bcrypt

Designed for passwords. Slow on purpose. Salt built in. Adjustable cost (salt rounds). The standard for years.

Pros: battle-tested, easy to use, available in every language. Cons: not memory-hard (an attacker with ASICs can brute-force faster than argon2).

argon2

Winner of the 2015 Password Hashing Competition. Memory-hard (requires lots of RAM), so ASICs are expensive to build. Has three variants: argon2i (side-channel resistant), argon2d (GPU-resistant), argon2id (hybrid, recommended).

Pros: modern, memory-hard, side-channel resistant (argon2id). Cons: newer, fewer tutorials, harder to set up than bcrypt.

scrypt

Memory-hard like argon2 but older. Designed to be expensive in both CPU and RAM.

Pros: memory-hard, battle-tested. Cons: argon2 is generally preferred for new projects.

PBKDF2

Older standard. Uses an iterated HMAC. Adjustable iterations.

Pros: standard, available everywhere (built into Node's crypto). Cons: not memory-hard, so ASICs can brute-force faster than bcrypt or argon2. Weakest of the four.

Which to Use

  • New project with no constraints: argon2id. Modern, memory-hard, side-channel resistant.
  • Existing project or simple setup: bcrypt with 10-12 rounds. Battle-tested and easy.
  • Need a standard built into Node: PBKDF2 with high iterations. Weakest but no dependencies.
  • Avoid: MD5, SHA-1, SHA-256 (raw, without salt and iterations). They are fast hashes, not password hashes.

Migration

If you are on bcrypt and want to move to argon2, do it gradually. On next login, verify the old hash, then rehash with argon2 and save. Store a marker for which algorithm each user is on. Eventually all users are on argon2.

The Takeaway

Use argon2id for new projects with no constraints. Use bcrypt with 10-12 rounds for existing projects or simple setup. Use PBKDF2 only if you need a standard built into Node. Avoid raw SHA hashes. Migrate gradually by rehashing on next login.

argon2id for new projects with no constraints (modern, memory-hard, side-channel resistant). bcrypt with 10-12 rounds for existing projects or simple setup. PBKDF2 only if you need a standard built into Node. Avoid raw SHA hashes.

argon2 is memory-hard (requires lots of RAM), so ASICs are expensive to build. bcrypt is not memory-hard, so an attacker with ASICs can brute-force faster. argon2id is also side-channel resistant.

Yes, with 10-12 salt rounds. It is not the most modern option (argon2 is better), but it is battle-tested, easy to use, and safe for most apps. Use 12 rounds for high-security apps.

SHA-256 is a fast hash, not a password hash. It is designed to be fast, which means brute-forcing a list of hashes is fast. Password hashes are slow on purpose (bcrypt, argon2). Never use raw SHA for passwords.

Gradually. On next login, verify the old bcrypt hash, then rehash the password with argon2 and save. Store a marker for which algorithm each user is on. Eventually all users are on argon2. No big-bang migration needed.

Ready to master Node.js completely?

Want to upskill yourself, crack your next interview, and get your dream job? Join our comprehensive course to dive deeper with high-quality video tutorials, solve interview questions, and a premium community.

Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.