What is bcrypt?

bcrypt is a password-hashing function designed to be intentionally slow and to include a per-password salt automatically. Its cost factor can be increased over time to keep pace with faster hardware.

This slowness is a feature: it makes brute-force and rainbow-table attacks far more expensive. bcrypt (or alternatives like Argon2) should be used for storing passwords — never a fast hash like MD5 or SHA-256 alone.
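The salt and cost factor described above are both stored inside the bcrypt hash string itself, which is what lets a site raise the cost later and upgrade old hashes as users log in. The following is an added example, not code from this page: the function names, the sample strings (constructed placeholders, not hashes of any real password) and the target cost of 12 are assumptions.

```python
import re
from typing import NamedTuple

# bcrypt modular crypt format: $<variant>$<cost>$<22-char salt><31-char digest>
_B64 = r"[./A-Za-z0-9]"
_BCRYPT_RE = re.compile(rf"\$(2[abxy]?)\$(\d{{2}})\$({_B64}{{22}})({_B64}{{31}})")

class BcryptHash(NamedTuple):
    variant: str   # e.g. "2b"
    cost: int      # log2 of the number of key-expansion rounds
    salt: str      # per-password salt, bcrypt's own base64 alphabet
    digest: str

def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields, rejecting anything else."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    variant, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return BcryptHash(variant, int(cost), salt, digest)

def needs_rehash(stored: str, target_cost: int) -> bool:
    """True when the stored value should be re-hashed after a successful login.

    Policy assumption: anything that is not bcrypt at all (for example a legacy
    fast hash) is also flagged for migration.
    """
    try:
        return parse_bcrypt(stored).cost < target_cost
    except ValueError:
        return True

# Constructed samples: structurally valid placeholders only.
OLD_HASH = "$2b$10$" + "abcdefghijklmnopqrstuu" + "A" * 31
NEW_HASH = "$2b$12$" + "ZYXWVUTSRQPONMLKJIHGFe" + "B" * 31
LEGACY_FAST_HASH = "0" * 32  # shape of an unsalted MD5 hex digest

if __name__ == "__main__":
    for value in (OLD_HASH, NEW_HASH, LEGACY_FAST_HASH):
        print(value[:12] + "...", "rehash" if needs_rehash(value, 12) else "ok")
```

Each step up in cost doubles the work per guess, so moving from cost 10 to cost 12 makes every password guess four times as expensive.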
