Bcrypt Hash Format ($2b$) Breakdown

Break down the bcrypt hash string format: version prefix ($2b$), cost factor, salt, and hash. Learn the differences between $2a$, $2b$, and $2y$ version identifiers and what each segment means.


Detailed Explanation

Bcrypt Hash Format Breakdown

A bcrypt hash is a 60-character string with a well-defined structure. Understanding each segment helps you debug authentication issues, validate stored hashes, and choose the correct library settings.

Anatomy of a Bcrypt Hash

$2b$12$WApznUPhDubN0oeveSXHp.TsvdMWsOW2YDTkfOURVKnbmjmGdMsUm
|__||_||____________________||_____________________________|
 v   c    salt (22 chars)            hash (31 chars)
  • $2b$ — Version identifier
  • 12 — Cost factor (2^12 = 4,096 iterations)
  • 22 characters — Base64-encoded 16-byte salt
  • 31 characters — Base64-encoded 24-byte hash (the encrypted "OrpheanBeholderScryDoubt" constant)

Version Identifiers

Prefix  Meaning
$2$     Original bcrypt specification (rarely used)
$2a$    Fixed the handling of non-ASCII characters; most widely supported
$2b$    Corrected a bug in the OpenBSD implementation that affected passwords longer than 255 characters; current recommended version
$2y$    PHP-specific identifier indicating the crypt_blowfish fix for an 8-bit sign extension bug

For new applications, $2b$ is the recommended prefix. Most modern libraries default to it. All versions are compatible for verification — a hash generated with $2a$ can still be verified with a $2b$ library.

The Custom Base64 Alphabet

Bcrypt uses a non-standard Base64 encoding with the alphabet:

./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789

This differs from standard Base64 (A-Za-z0-9+/) and URL-safe Base64 (A-Za-z0-9-_). If you try to decode a bcrypt salt or hash with a standard Base64 decoder, you will get incorrect results.

Cost Factor Range

The cost factor is stored as a two-digit number (zero-padded). Valid values range from 04 to 31:

  • Cost 04: 16 iterations (too fast for production)
  • Cost 10: 1,024 iterations (common default)
  • Cost 12: 4,096 iterations (recommended minimum for 2024+)
  • Cost 31: 2,147,483,648 iterations (impractically slow)

Validating a Bcrypt Hash

A valid bcrypt hash always:

  1. Starts with $2a$, $2b$, or $2y$
  2. Followed by a two-digit cost factor (04–31)
  3. Followed by $
  4. Followed by exactly 53 characters from the bcrypt Base64 alphabet
  5. Total length: exactly 60 characters
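
The five rules above and the custom Base64 alphabet, combined into a parser that validates a stored hash and decodes its salt to raw bytes. This is an added example, not code from any bcrypt library; the names parse_bcrypt, bcrypt_b64decode and BcryptHash are hypothetical, and the sample hash is the one shown earlier on this page.

```python
import re
from typing import NamedTuple

# bcrypt's Base64 alphabet, as listed on this page
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Rules 1-5: prefix, two-digit cost, "$", then 22 + 31 alphabet characters (60 total)
_HASH_RE = re.compile(r"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

class BcryptHash(NamedTuple):
    version: str     # "2a", "2b" or "2y"
    cost: int        # 4..31
    salt: bytes      # 16 raw bytes decoded from the 22-character segment
    digest_b64: str  # 31-character hash segment, left encoded

def bcrypt_b64decode(text: str) -> bytes:
    """Decode unpadded bcrypt Base64 into raw bytes (leftover bits are dropped)."""
    bits = nbits = 0
    out = bytearray()
    for ch in text:
        # str.index raises ValueError for characters outside the alphabet ("+", "=", ...)
        bits = (bits << 6) | BCRYPT_B64.index(ch)
        nbits += 6
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
    return bytes(out)

def parse_bcrypt(stored: str) -> BcryptHash:
    """Return the parsed fields, or raise ValueError if any format rule fails."""
    # fullmatch, not match with "$": a trailing newline or extra bytes must be rejected
    m = _HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    version, cost, salt_b64, digest_b64 = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError(f"cost factor {cost} is outside 04-31")
    return BcryptHash(version, int(cost), bcrypt_b64decode(salt_b64), digest_b64)

if __name__ == "__main__":
    print(parse_bcrypt("$2b$12$WApznUPhDubN0oeveSXHp.TsvdMWsOW2YDTkfOURVKnbmjmGdMsUm"))
```

Running the parser over a credentials table before a library migration surfaces truncated rows, legacy prefixes and low cost factors without touching any password.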

Use Case

Understanding the bcrypt hash format is essential when debugging authentication failures, writing database migration scripts, or building tooling that validates stored hashes. If you are migrating between bcrypt libraries or upgrading from $2a$ to $2b$, knowing the format lets you write validation logic that detects the version prefix and handles each variant correctly.
