diff --git a/src/bun.js/api/BunObject.zig b/src/bun.js/api/BunObject.zig
index d6ec510af9..a1c36bd840 100644
--- a/src/bun.js/api/BunObject.zig
+++ b/src/bun.js/api/BunObject.zig
@@ -1852,10 +1852,10 @@ pub const Crypto = struct {
                     // bcrypt silently truncates passwords longer than 72 bytes
                     // we use SHA512 to hash the password if it's longer than 72 bytes
                     if (password.len > 72) {
-                        var sha_256 = bun.sha.SHA512.init();
-                        defer sha_256.deinit();
-                        sha_256.update(password);
-                        sha_256.final(outbuf[0..bun.sha.SHA512.digest]);
+                        var sha_512 = bun.sha.SHA512.init();
+                        defer sha_512.deinit();
+                        sha_512.update(password);
+                        sha_512.final(outbuf[0..bun.sha.SHA512.digest]);
                         password_to_use = outbuf[0..bun.sha.SHA512.digest];
                         outbuf_slice = outbuf[bun.sha.SHA512.digest..];
                     }