1
Policy review
A team compares bcrypt cost 12 with the baseline of 10.
Inputs
- Cost factor: 12
Steps
- Relative work = 2^(12 - 10) = 4
Result
- Cost 12 requires roughly 4 times the work of cost 10.
Bcrypt Cost Estimator
Estimate the relative work factor increase created by changing bcrypt cost rounds.
Bcrypt Cost Estimator
Result
Calculating the sample result.
Why it matters
Bcrypt rounds are exponential, so small setting changes can create surprisingly large performance differences.
When to use
- Reviewing password-hash policy changes
- Explaining why a jump from cost 10 to cost 12 matters
- Planning migration tradeoffs between security and CPU usage
Inputs & Outputs
Inputs
- Bcrypt cost is the work factor parameter used by the hashing algorithm.
Outputs
- Relative work factor shows how many times more work the chosen cost requires compared with cost 10.
- Power-of-two summary shows the exponential relationship explicitly.
Relative work-factor method
Bcrypt cost scales exponentially. Each increment doubles the work, so relative work can be expressed as 2 raised to the difference between the chosen cost and a baseline.
Relative work vs cost 10 = 2^(cost - 10)
Worked example
Edge cases & caveats
- This is a relative estimate, not a precise benchmark on your hardware.
- Real request latency depends on implementation, hardware, and concurrency.
Frequently Asked Questions
Why not show exact milliseconds?
Because bcrypt performance varies across languages, hardware, and deployment environments.
Does one extra round really matter?
Yes. Each additional round doubles the work required.
Keep going
Related Tools
Password Entropy Calculator
Estimate password entropy from length and character set assumptions.
Open
API Key Entropy Calculator
Estimate the entropy of an API key format from its length and character set size.
Open
Session TTL Calculator
Convert session lifetime settings into multiple time units and calculate expiry from a duration.
Open