Skip to main content

Bcrypt hashing time

313 words (approximately 2 minutes reading)


This is mere some measurements I make notes for myself, nothing interesting to see here.

I am implementing some authentication, so I was thinking how much cost should I use. The way to determine is to measure how long it takes to hash the password.

Here is the hardware I use:

I hash 3 different types of password:

Here is the source code, consider it public domain or under CC0 license if you want to use or copy it.

package main
import (

func main() {
	short := "short pass"
	medium := "h*uwd'QS0Xozxg5j//+e"
	long := "helium policy snort overtone shakable poison corporate curve"
	passwords := []string{short, medium, long}
	for cost := 10; cost <= 20; cost++ {
		fmt.Printf("Cost=%d\t", cost)
		for _, password := range passwords {
			start := time.Now()
			bcrypt.GenerateFromPassword([]byte(password), cost)
			elapsed := time.Since(start)
			fmt.Printf("%s\t", elapsed)


Cost short password medium password long password
10 48.672298ms 48.202171ms 48.294102ms
11 96.106021ms 96.47686ms 96.032581ms
12 193.138147ms 192.942441ms 193.234901ms
13 385.703415ms 385.518335ms 385.230291ms
14 774.508302ms 777.079681ms 775.36359ms
15 1.546692701s 1.545946171s 1.565475155s
16 3.092266749s 3.092314898s 3.124079405s
17 6.19333026s 6.177802493s 6.195031959s
18 12.396592375s 12.384743249s 12.407640266s
19 24.824486642s 24.793569567s 24.870305097s
20 50.026644158s 49.712950076s 49.596850425s



Look at my fedi fellows' sites:
  1. Previous site
  2. What is Fediring?
  3. Next site

Articles from blogs I read

Generated by fead