What is the bcrypt cost factor?

The cost factor (also called work factor) controls how many iterations bcrypt performs: cost N means 2^N iterations. Each increment doubles the hash time, making brute-force attacks proportionally harder.

What cost factor does OWASP recommend?

OWASP recommends choosing a cost factor that results in at least 100ms hash time on your production hardware, and reassessing as hardware improves. As of 2024 that is typically cost 10–12 on modern servers.

Why does hardware tier matter?

The same cost factor runs faster on high-end hardware. A budget VPS may take 200ms at cost 10 while an M2 laptop takes 50ms. Use the hardware multiplier to model your actual environment.

How accurate is this estimator?

Estimates are based on a reference benchmark (cost 10 ≈ 100ms on a 2023 cloud vCPU) scaled by the hardware multiplier and the doubling formula. Run a real benchmark in your environment to confirm — use password_hash() in PHP or bcrypt.checkpw() in Python for a timing test.

What happens if I set the cost too high?

A cost that is too high increases login latency and CPU usage, which can degrade user experience and make your login endpoint a denial-of-service vector under traffic spikes. Balance security against performance.

Bcrypt Cost Factor Estimator

Name: Bcrypt Cost Factor Estimator
Availability: InStock
Author: Nham Vu

Find the right bcrypt work factor for your hardware to hit a target hash time.

Parameters

Target hash time 100 ms

50 ms OWASP min: 100 ms 2000 ms

Server hardware tier

Peak logins per second (optional)

Shows CPU core-seconds consumed per second at peak.

Recommendation

Recommended Cost

—

Est. Hash Time

—

Cost Factor Comparison

Cost	Iterations	Est. Time (ms)	Status
Enter parameters and click Calculate

Code Examples

// Click Calculate to generate code

Why Cost Factor Matters

Bcrypt's work factor is an exponential dial: increasing cost by 1 doubles the time an attacker needs to brute-force each password hash. At cost 10 an attacker with a GPU can try ~100,000 hashes/second; at cost 14 that drops to ~6,000. OWASP recommends at least 100ms per hash on your production hardware, re-evaluated as hardware improves. Never store plain-text passwords or use fast hashes (MD5, SHA-1, SHA-256) for passwords — they offer no resistance to GPU cracking.

Copied!

Summary

Find the right bcrypt work factor for your hardware to hit a target hash time.

How it works

Select your target hash time in milliseconds (OWASP minimum: 100ms).
Choose your server hardware tier to apply a timing multiplier.
The tool calculates which cost factor hits your target using the doubling formula: t(cost) = t_base × 2^(cost − base_cost).
Optionally enter peak logins per second to see CPU overhead.
Copy the generated code snippet for PHP, Python, or Node.js.

Use cases

Choose a bcrypt cost factor before deploying a new authentication system.
Re-tune cost after migrating to faster or slower server hardware.
Check whether your current cost factor meets OWASP recommendations.
Estimate CPU impact of bcrypt at peak login traffic.

Frequently Asked Questions

Last updated: 2026-07-01 · Reviewed by Nham Vu