SHA-256 vs bcrypt: Which to Use for Password Hashing?
SHA-256 is fast; bcrypt is slow. For passwords, slow is the feature you want. Full comparison of hashing speed, salt handling, and when each algorithm is correct.
The short answer
For password storage, use bcrypt (or argon2, or scrypt). Never use SHA-256 directly. For file integrity, API signing, or content addressing, use SHA-256. They are not interchangeable — they solve different problems and have opposite design goals.
Why "speed is a bug" for password hashing
SHA-256 is designed to be fast. A modern GPU hashes several billion SHA-256s per second. If an attacker breaches your user database, they can dictionary-attack every common password in an afternoon. bcrypt is deliberately slow — its work factor lets you tune each hash to take ~100 ms, which is imperceptible to a legitimate user logging in but catastrophic for the attacker (who now needs decades instead of minutes to brute-force the same database).
Side-by-side
| Property | SHA-256 | bcrypt |
|---|---|---|
| Designed for | Fast hashing, file integrity | Password storage |
| Speed on modern GPU | ~10 billion/sec | ~10,000/sec (cost=10) |
| Built-in salt | No (you must add one) | Yes (16-byte random salt) |
| Tunable work factor | No | Yes (cost parameter, 2ⁿ rounds) |
| Output size | 32 bytes / 64 hex | 60-char string with cost + salt + hash |
| Memory-hard | No | Somewhat (argon2 is better) |
| Correct use | Integrity checks, signatures | User password storage |
What "salted SHA-256" actually costs attackers
Adding a salt prevents rainbow-table attacks — attackers can no longer precompute hashes for common passwords. But they can still brute-force each user's password individually. At 10 billion hashes/sec, an 8-character password (lowercase letters only) falls in under 20 seconds. bcrypt with cost=10 takes ~300 years for the same password. That's the gap.
When to use SHA-256
- File integrity — confirming a download wasn't corrupted or tampered with
- HMAC signing — signing API requests with a shared secret
- Content addressing — Git, IPFS, Docker layers
- Blockchain / proof-of-work — Bitcoin
- Deduplication — detecting identical files without byte-by-byte compare
- Deriving keys — as a primitive inside HKDF or PBKDF2 (but use those, not raw SHA-256)
When to use bcrypt
- User password storage in a database — the one job bcrypt was built for
- API key validation — when the key is user-memorable (not cryptographically random)
What about argon2 and scrypt?
Argon2 (winner of the 2015 Password Hashing Competition) is generally recommended over bcrypt for new projects because it's memory-hard, which makes GPU/ASIC attacks far less effective. Scrypt sits between the two. bcrypt is still a perfectly acceptable choice — just not best-in-class anymore.
Try both
The hash generator runs SHA-256 on any input in milliseconds. For bcrypt specifically, use a server-side library — bcrypt in the browser exposes the work factor publicly, which defeats half the point. Generate strong passwords to test with using the password generator.
Featured Tools
Try these free related tools directly in your browser — no sign-up required.
Hash Generator
Generate cryptographic hashes for any text using MD5, SHA-1, SHA-256, SHA-512, and more. Verify data integrity and create checksums instantly online.
Password Generator
Generate strong, random passwords of any length with custom rules. Choose uppercase, lowercase, numbers, and symbols for maximum security.
UUID Generator
Generate UUID v1, v4, and v5 universally unique identifiers instantly. Create single or bulk UUIDs for databases, APIs, and distributed systems.