# BCryptHash() Generates a BCrypt password hash. Use this instead of the deprecated GenerateBCryptHash(). **Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D) ``` BCryptHash( input=string, cost=numeric ); ``` **Returns:** string # Arguments | Argument | Type | Required | Description | Default | |----------|------|----------|-------------|---------| | input | string | Yes | Password to hash | | | cost | numeric | No | Cost factor (4-31) | 10 | # Usage Notes BCrypt is a well-established password hashing algorithm with wide ecosystem support. It's the best choice when you need compatibility with Adobe ColdFusion or other platforms. **Cost factor:** The default is 10. Each increment doubles the computation time. Cost 12 is a good starting point for production — aim for 0.5–1 second on your hardware. The maximum is 31 but anything above 15 will be very slow. **Password length limit:** BCrypt silently truncates passwords at 72 bytes. If your application allows very long passwords, consider [Argon2Hash()](argon2hash.md) instead. For new applications where ACF compatibility isn't needed, prefer [Argon2Hash()](argon2hash.md) which offers tuneable memory-hardness and no password length limit. Replaces the deprecated [GenerateBCryptHash()](generatebcrypthash.md). # Examples ```cfml // BCryptHash generates a salted hash - each call produces a different result hash1 = BCryptHash( "my-secret-password" ); hash2 = BCryptHash( "my-secret-password" ); // hash1 != hash2 because BCrypt uses a random salt each time // The default cost factor is 10. Higher cost = slower but harder to brute-force. // Cost is exponential: cost 12 is 4x slower than cost 10. hash = BCryptHash( "my-secret-password", 12 ); // Verify a password against a stored hash using BCryptVerify() isValid = BCryptVerify( "my-secret-password", hash ); // true isWrong = BCryptVerify( "wrong-password", hash ); // false ``` # Categories [Cryptography](../../categories/crypto.md) # See Also [BCryptVerify()](bcryptverify.md), [GenerateBCryptHash()](generatebcrypthash.md), [VerifyBCryptHash()](verifybcrypthash.md)