Entropy analysis (input: correct-horse-battery-staple):
  Length: 28 chars | Charset: 27 (lowercase + hyphen)
  Entropy: ~131 bits (passphrase) vs 52 bits (8-char random)
  Brute force at 10B guesses/sec: >10^22 years
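The figures above come from the standard pool-size estimate: entropy = length × log2(charset size), and crack time = expected guesses ÷ guess rate. The following is an added example, not the calculator's own code. The charset convention is an assumption chosen to match the analysis (26 lowercase, 26 uppercase, 10 digits, plus one per distinct separator or punctuation character actually used, so the hyphen adds 1 and the passphrase gets 27); a stricter calculator would add the whole printable-symbol class instead. With that convention 28 × log2(27) comes out at about 133 bits, in the same neighbourhood as the ~131 shown, and the conclusion (tens of orders of magnitude beyond an 8-character random password) is unchanged.

```python
import math

# Pool size for a truly random password drawn from all printable ASCII
# (the "8-char random" comparison in the analysis assumes this pool).
PRINTABLE_ASCII_POOL = 95
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Estimate the pool size implied by the character classes present.

    Assumed convention: each distinct non-alphanumeric character (hyphen,
    space, punctuation) counts as a single extra symbol, so
    "correct-horse-battery-staple" gives 26 + 1 = 27.
    """
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    size += len({c for c in password if not c.isalnum()})
    return size


def entropy_bits(password: str, pool: int = 0) -> float:
    """Upper-bound entropy in bits: length * log2(pool).

    This is the figure a calculator can give without knowing how the
    password was generated; a dictionary phrase is weaker than this bound.
    """
    if pool <= 0:
        pool = charset_size(password)
    return len(password) * math.log2(pool)


def random_password_bits(length: int, pool: int = PRINTABLE_ASCII_POOL) -> float:
    """Entropy of a uniformly random password of the given length and pool."""
    return length * math.log2(pool)


def brute_force_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to find the password by exhaustive guessing.

    On average the right guess is found after half the keyspace.
    """
    expected_guesses = (2.0 ** bits) / 2
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def report(label: str, bits: float, guesses_per_second: float = 1e10) -> str:
    years = brute_force_years(bits, guesses_per_second)
    return f"{label}: {bits:.0f} bits, ~{years:.2e} years at {guesses_per_second:.0e} guesses/sec"


if __name__ == "__main__":
    passphrase = "correct-horse-battery-staple"
    print(f"charset for {passphrase!r}: {charset_size(passphrase)}")
    print(report("passphrase", entropy_bits(passphrase)))
    print(report("8-char random", random_password_bits(8)))
```

The key takeaway a practitioner should read off the output is the gap between the two crack-time estimates: the random 8-character password falls in days at the assumed 10 billion guesses per second, while the passphrase is far beyond any feasible budget. That estimate assumes the attacker is guessing a fast, unsalted hash; a slow password hash (next section) lowers the guess rate by many orders of magnitude and is what protects the users who did not pick a long passphrase.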
Bcrypt cost=12:
  Hash time (modern server): ~300ms
  Hashes/sec an attacker can try offline: ~3.3/sec per GPU
  Cost=10: 75ms hash, ~13/sec
  Cost=14: 1.2s hash, 0.8/sec
  Recommendation: cost=12 for web login
  Tune so hash time ≈ 200-400ms on your hardware
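The tuning rule above ("raise the cost until one hash takes 200-400 ms on the hardware that will verify logins") is easy to automate. Below is an added example of such a tuner; it is not the calculator's code. It uses the third-party `bcrypt` package (`bcrypt.hashpw` / `bcrypt.gensalt(rounds=...)`) when it is installed and otherwise falls back to a PBKDF2 stand-in that merely reproduces bcrypt's doubling-per-increment cost curve so the procedure can still be observed. The benchmark password, the `simulated_hash` fake (1 ms × 2^cost of sleep) and the target window are constructed for the example.

```python
import hashlib
import os
import time

try:
    import bcrypt  # third-party package; optional for this example
except ImportError:
    bcrypt = None

# Constructed benchmark input; never benchmark with a real user's password.
BENCH_PASSWORD = b"benchmark-only-not-a-real-secret"


def bcrypt_hash(password: bytes, cost: int) -> bytes:
    """Real bcrypt; `cost` is the log2 work factor (valid range 4..31)."""
    return bcrypt.hashpw(password, bcrypt.gensalt(rounds=cost))


def pbkdf2_standin(password: bytes, cost: int) -> bytes:
    """Stand-in for machines without bcrypt: 2**cost iterations, so each
    increment doubles the time just like bcrypt. It is NOT bcrypt."""
    return hashlib.pbkdf2_hmac("sha256", password, os.urandom(16), 2 ** cost)


def simulated_hash(password: bytes, cost: int) -> bytes:
    """Fake hash with deterministic latency (1 ms * 2**cost), used to
    exercise the tuner without any real hashing."""
    time.sleep(0.001 * 2 ** cost)
    return b"simulated"


def measure_seconds(hash_fn, cost: int) -> float:
    """Wall-clock time of a single hash at the given cost."""
    start = time.perf_counter()
    hash_fn(BENCH_PASSWORD, cost)
    return time.perf_counter() - start


def choose_cost(timings: dict, low: float = 0.2, high: float = 0.4) -> int:
    """Pick the lowest cost whose hash time lands in [low, high]. If none does,
    take the lowest cost at or above `low`; failing that, the slowest measured."""
    in_range = [c for c, t in timings.items() if low <= t <= high]
    if in_range:
        return min(in_range)
    slow_enough = [c for c, t in timings.items() if t >= low]
    if slow_enough:
        return min(slow_enough)
    return max(timings, key=timings.get)


def tune_cost(hash_fn, low: float = 0.2, high: float = 0.4,
              start: int = 4, max_cost: int = 31):
    """Walk the cost up from `start`, measuring once per step, and stop at the
    first cost that takes at least `low` seconds. Because each step doubles
    the time, that cost also lands under `high` unless timing noise intervenes."""
    timings = {}
    for cost in range(start, max_cost + 1):
        timings[cost] = measure_seconds(hash_fn, cost)
        if timings[cost] >= low:
            break
    cost = choose_cost(timings, low, high)
    return cost, timings[cost]


def attacker_guesses_per_second(seconds_per_hash: float, devices: int = 1) -> float:
    """Offline guess rate implied by the hash time (0.3 s -> ~3.3 guesses/sec
    per device, the figure quoted above)."""
    return devices / seconds_per_hash


if __name__ == "__main__":
    hash_fn = bcrypt_hash if bcrypt is not None else pbkdf2_standin
    label = "bcrypt" if bcrypt is not None else "pbkdf2 stand-in"
    cost, secs = tune_cost(hash_fn)
    print(f"{label}: cost={cost}, {secs * 1000:.0f} ms/hash, "
          f"attacker ~{attacker_guesses_per_second(secs):.1f} guesses/sec per device")
```

Two practical notes. Run the tuner on the actual login servers, not a developer laptop, and measure under realistic load, since a cost that takes 300 ms on an idle box can take far longer under contention. Raising the cost later only affects newly computed hashes: existing hashes keep their old cost until the user next logs in and the verifier recomputes the hash, so the annual review should also include upgrading stored hashes on successful login.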
Bcrypt's cost parameter is a work factor: each increment doubles the hash time. Cost 12 produces ~300ms hashes on modern hardware, which makes offline dictionary attacks impractical (about 3 guesses/sec versus millions for MD5). The passphrase 'correct-horse-battery-staple' has 131 bits of entropy, far stronger than a complex 8-character password. Never use MD5, SHA-1, or unsalted SHA-256 for passwords.
What to do next
Set bcrypt cost to 12 and schedule an annual review, increasing the cost as hardware improves. Use Argon2id for new systems (OWASP recommendation since 2023).
Use the Password Entropy Calculator to run this on your own input.
Argon2id is the OWASP recommendation for new systems: it is memory-hard, so it resists GPU and ASIC attacks better than bcrypt. Use bcrypt if your stack lacks a well-maintained Argon2 library. Never roll your own; use framework-provided implementations.
What is the minimum password entropy I should enforce?
NIST SP 800-63B recommends allowing long passphrases instead of imposing complexity rules. Enforce a minimum of 8 characters (the NIST minimum) and encourage longer passphrases. Screen candidates against the HaveIBeenPwned breached-password database rather than rejecting them by character-class rules.
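The policy just described (length floor, no composition rules, breach screening) is small enough to show end to end. The following is an added example and not code from the calculator or from HaveIBeenPwned. It checks length against the NIST minimum and uses the Pwned Passwords k-anonymity lookup: the client sends only the first five hex characters of the password's SHA-1 and receives every suffix in that range with a breach count, so the password itself never leaves the machine. The `fetch_range` helper calls the real `https://api.pwnedpasswords.com/range/{prefix}` endpoint and needs network access; the `SAMPLE_RANGE_BODY` is a constructed three-line stand-in for that response (its second line is the genuine SHA-1 suffix of "password", the count is made up), so everything else runs offline.

```python
import hashlib
import urllib.request

MIN_LENGTH = 8   # NIST SP 800-63B minimum for user-chosen passwords
MAX_LENGTH = 64  # NIST says verifiers should accept at least this length

# Constructed sample of a Pwned Passwords range response for prefix 5BAA6.
# Real responses contain hundreds of "SUFFIX:COUNT" lines; the count for
# "password" here is invented for the example.
SAMPLE_RANGE_PREFIX = "5BAA6"
SAMPLE_RANGE_BODY = """\
1D72CD07550416C216D8AD296BF5C0AE8E0:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
2AAA439972480CEC7F16C795BBB429372D7:4
"""


def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 into the 5-char prefix sent to the API
    and the 35-char suffix that is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_body: str) -> int:
    """Number of breaches the password appears in, according to a range
    response. Lines with count 0 (added by the API's Add-Padding option)
    are treated as not breached."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Query the real k-anonymity endpoint for one 5-char prefix (network)."""
    request = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "password-policy-example"},
    )
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read().decode("utf-8")


def evaluate_password(password: str, range_body=None, lookup=fetch_range) -> list:
    """Return the list of reasons to reject the password; empty means accept.
    No character-class rules are applied, per NIST SP 800-63B."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    prefix, _ = sha1_prefix_suffix(password)
    # A caller supplying range_body is assumed to have fetched the right range.
    body = range_body if range_body is not None else lookup(prefix)
    count = breach_count(password, body)
    if count > 0:
        reasons.append(f"found in {count} known breaches")
    return reasons


if __name__ == "__main__":
    for candidate in ("short", "password", "correct-horse-battery-staple"):
        verdict = evaluate_password(candidate, SAMPLE_RANGE_BODY)
        print(f"{candidate!r}: {'accepted' if not verdict else '; '.join(verdict)}")
```

When wiring this into a real signup or password-change flow, fail closed only on the length rules: if the breach lookup times out, log it and let the password through (or retry later) rather than blocking every user on a third-party outage, and never send the full hash or the plaintext to the API.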