bcrypt is an adaptive password-hashing function designed to make password verification slower and more resistant to offline cracking than fast hashes. It matters because password storage must remain expensive for attackers even as hardware becomes faster over time.
What is bcrypt?
bcrypt includes a configurable work factor so defenders can raise the cost as systems improve. It has been a widely used password-hashing choice for years, though many modern systems now also consider newer options like Argon2.
What bcrypt Commonly Supports
Common uses include password storage in both legacy and modern systems, authentication systems, credential database protection, and migration away from hash functions that are too fast to be safe for passwords.
bcrypt vs. Argon2
bcrypt remains widely used and adaptive, while Argon2 is newer and often preferred for stronger modern password-hashing properties such as memory hardness.
Frequently Asked Questions
Why is bcrypt better than plain hashing for passwords?
Because it is intentionally slower and tunable, which makes large-scale cracking more difficult.
Should older systems keep weak password hashes?
No. Migrating toward stronger storage methods is usually worth the effort.
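An added example (not part of the original page) that ties the configurable work factor to the migration advice above: it reads the cost out of the standard `$2b$<cost>$...` bcrypt string layout and sorts stored credentials into keep, rehash, migrate, or invalid. `TARGET_COST`, the function names and the sample rows are assumptions made for illustration.

```python
import re

# bcrypt modular crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
# The cost is a log2 value: each +1 doubles the work per password guess.
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
TARGET_COST = 12  # assumed policy value for this example, not a figure from the page


def parse_bcrypt(stored):
    """Return (variant, cost) for a well-formed bcrypt string, else None."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(2))
    return (m.group(1), cost) if 4 <= cost <= 31 else None  # bcrypt defines costs 4..31


def classify(stored, target_cost=TARGET_COST):
    """Decide what to do with one stored credential."""
    parsed = parse_bcrypt(stored)
    if parsed is None:
        # Looks like bcrypt but is malformed (e.g. truncated column) vs. some other scheme.
        return "invalid" if stored.startswith("$2") else "migrate"
    if parsed[1] < target_cost:
        return "rehash"   # bcrypt, but work factor below current policy
    return "ok"


def audit(rows, target_cost=TARGET_COST):
    """Summarise a credential table as action -> list of usernames."""
    report = {"ok": [], "rehash": [], "migrate": [], "invalid": []}
    for user, stored in rows:
        report[classify(stored, target_cost)].append(user)
    return report


# Constructed sample rows (placeholder salts/digests, not real password hashes).
SAMPLE_ROWS = [
    ("alice", "$2b$12$" + "A" * 22 + "B" * 31),
    ("bob",   "$2a$08$" + "C" * 22 + "D" * 31),
    ("carol", "ab" * 16),            # 32 hex chars: shape of a fast, unsalted digest
    ("dave",  "$2b$12$tooshort"),    # truncated value
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

Rehashing requires the plaintext password, so the "rehash" and "migrate" actions are normally applied during a successful login, after the old hash has verified.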