bcrypt vs SHA-256: never hash passwords with SHA

6 min read · Updated May 24, 2026

These are both "hashing", but they are built for opposite goals. Confusing them is one of the most common and most damaging security mistakes. Here is the distinction.

bcrypt: slow, salted password hash
vs
SHA-256: fast integrity hash

                     bcrypt                SHA-256
Designed for         Password storage      Data integrity, signatures
Speed                Deliberately slow     Very fast
Built-in salt        Yes (per hash)        No
Tunable cost         Yes (work factor)     No
GPU-crackable        Resistant             Billions/sec
Use for passwords?   Yes                   No

Speed is the whole point

SHA-256 is fast by design — great for verifying a download, terrible for passwords. An attacker with a leaked database can try billions of SHA-256 guesses per second on a GPU.

bcrypt is intentionally slow and has a tunable cost factor: raise it as hardware improves to keep cracking expensive. It also salts every hash automatically, so identical passwords produce different outputs.

What about “SHA-256 + salt”?

Adding a salt to SHA-256 stops rainbow tables but does nothing about raw speed — the attacker still makes billions of salted guesses per second. Salt is necessary but not sufficient. Use a slow hash.

Modern recommendation: bcrypt, scrypt, or Argon2 for passwords; SHA-256 for integrity. Never SHA for passwords, even salted.
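To make the speed and cost-factor points concrete, here is an added example (not code from the original page) using Python's standard-library hashlib.scrypt, since bcrypt itself is not in the standard library. It places a salted SHA-256 beside a scrypt record that carries its own cost factor, and shows a login path that re-hashes a record when the stored cost falls below current policy, which is how "raise it as hardware improves" is put into practice. The record format, the CURRENT_N policy value and the r/p parameters are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Policy: the scrypt cost "n" every stored record should meet today.
# Raise it as hardware gets faster; stale records are upgraded at login.
CURRENT_N = 2 ** 14
SCRYPT_R, SCRYPT_P = 8, 1  # block size and parallelism (constructed defaults)

def sha256_salted(password: str, salt: bytes) -> str:
    """Salted SHA-256: defeats rainbow tables, still costs microseconds per guess."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def scrypt_hash(password: str, n: int = CURRENT_N, salt=None) -> str:
    """Self-describing record "$scrypt$n=<n>$<salt>$<hash>": the cost travels
    with the hash, so it can be raised later without breaking old records."""
    salt = os.urandom(16) if salt is None else salt  # fresh random salt per hash
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    b64 = base64.b64encode
    return f"$scrypt$n={n}${b64(salt).decode()}${b64(dk).decode()}"

def _parse(stored: str):
    _, algo, params, salt_b64, dk_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported hash record")
    return int(params.split("=")[1]), base64.b64decode(salt_b64), base64.b64decode(dk_b64)

def scrypt_verify(password: str, stored: str) -> bool:
    n, salt, dk = _parse(stored)
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=n, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, dk)  # constant-time comparison

def needs_rehash(stored: str, policy_n: int = CURRENT_N) -> bool:
    """True when the record's cost factor is below the current policy."""
    return _parse(stored)[0] < policy_n

def login(password: str, stored: str, policy_n: int = CURRENT_N):
    """Verify; on success return an upgraded record if the stored cost is stale."""
    if not scrypt_verify(password, stored):
        return False, stored
    if needs_rehash(stored, policy_n):
        return True, scrypt_hash(password, n=policy_n)  # re-hash under today's cost
    return True, stored
```

The salted SHA-256 and the scrypt record use the same salt idea; only the scrypt record has a cost that the login path can raise over time.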

The verdict

For passwords, use bcrypt (or Argon2/scrypt) — slow and salted by design. Use SHA-256 only for integrity: checksums, signatures, content addressing. Experiment with both in the Bcrypt tool and the Hash Generator.

Frequently asked questions

Why can’t I use SHA-256 for passwords if I add a salt?
Salting defeats rainbow tables but not brute force. SHA-256 is so fast that attackers still try billions of salted guesses per second. Passwords need a deliberately slow hash like bcrypt.
Is bcrypt still secure in 2026?
Yes, when configured with an adequate work factor. bcrypt, scrypt, and Argon2 are all acceptable; Argon2 is the newest and often recommended for new systems.
What is a work/cost factor?
A tunable parameter that sets how much CPU each hash costs. You raise it over time so cracking stays expensive as hardware gets faster.

Try it yourself

Free, in-browser tools for everything above.