Bcrypt Generator & Verifier

Hash passwords with bcrypt and verify hashes against plaintext. Choose your cost factor. Runs entirely in your browser — no data is sent to any server.

Higher cost = more secure but slower to compute.

About bcrypt

Bcrypt is a password-hashing function designed to be slow and computationally expensive, which makes brute-force attacks impractical. Unlike SHA-256, which is designed to be fast, bcrypt becomes slower as the cost factor rises: each increment doubles the work, so cost 11 takes twice as long as cost 10.

What is bcrypt?

Bcrypt is a password-hashing algorithm designed by Niels Provos and David Mazières in 1999. Unlike general-purpose cryptographic hash functions like SHA-256, bcrypt is specifically designed to be slow and CPU-intensive, making it resistant to brute-force and dictionary attacks. It also incorporates a random salt automatically, so identical passwords produce different hashes every time.

Choosing a cost factor

The cost factor (also called work factor or rounds) controls how computationally expensive the hash is. It is a base-2 logarithm — cost 10 performs 2¹⁰ = 1024 iterations, cost 11 performs 2048, and so on. OWASP recommends a minimum cost of 10, and 12 or higher for new applications as hardware improves. Aim for a hash time of 100–300 ms in your production environment.

How to use

  1. Select the Hash tab, enter your plaintext password, and choose a cost factor.
  2. Click Generate Hash — the bcrypt hash appears in the output box.
  3. Copy the hash to store it in your database.
  4. To verify later: switch to the Verify tab, enter the plaintext and the stored hash, then click Verify.

Frequently Asked Questions

Can I reverse a bcrypt hash to get the original password?

No. Bcrypt is a one-way hash function — it is computationally infeasible to reverse a bcrypt hash. The only way to check a password is to hash the candidate and compare, which is exactly what the Verify tab does.

Why does bcrypt produce a different hash each time for the same input?

Bcrypt automatically generates a random 128-bit salt for each hash. The salt is embedded in the hash string (the $2b$10$... prefix contains both the cost and salt). This means two hashes of the same password will look different but both will verify correctly.

What is the maximum input length for bcrypt?

Bcrypt truncates input at 72 bytes. If your plaintext password is longer than 72 bytes (roughly 72 ASCII characters, fewer for multibyte characters), only the first 72 bytes are hashed. For very long passphrases, consider pre-hashing with SHA-256 before bcrypt, or use Argon2 instead.

Is bcrypt still recommended or should I use Argon2?

Bcrypt remains a strong, widely supported choice for password hashing and is safe to use. Argon2 (winner of the Password Hashing Competition) is the modern recommendation for new systems, as it is also memory-hard, making GPU-based attacks more expensive. Both are vastly better than using raw SHA-256 or MD5 for passwords.
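
An added example, not part of the original page or of this tool's code: a dependency-free JavaScript parser for the hash string described in the FAQ above. It reads the version, cost and salt from a stored hash, flags hashes below a chosen minimum cost, and counts how many UTF-8 bytes of a password fall beyond the 72-byte limit. The function names and the sample hash are constructed for illustration.

```javascript
// Added example; names and sample values are illustrative assumptions.
// bcrypt uses its own base64 alphabet, not the RFC 4648 one.
const B64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Decode bcrypt-base64 text into an array of byte values.
function decodeBcryptBase64(text) {
  const out = [];
  let bits = 0, nbits = 0;
  for (const ch of text) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error('invalid bcrypt base64 character');
    bits = (bits << 6) | v;
    nbits += 6;
    if (nbits >= 8) {
      nbits -= 8;
      out.push((bits >> nbits) & 0xff);
      bits &= (1 << nbits) - 1; // keep only the unconsumed low bits
    }
  }
  return out;
}

// Split "$<version>$<cost>$<22-char salt><31-char digest>" into its fields.
function parseBcryptHash(hash) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/.exec(hash);
  if (!m) throw new Error('not a bcrypt hash string');
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error('cost outside bcrypt range 4-31');
  const salt = decodeBcryptBase64(m[3]); // 22 chars -> 16 bytes (128-bit salt)
  const saltHex = salt.map(b => b.toString(16).padStart(2, '0')).join('');
  return { version: m[1], cost, iterations: 2 ** cost, saltHex };
}

// True when a stored hash was created below the current minimum cost
// and should be replaced with one at the higher cost.
function needsRehash(hash, minCost) {
  return parseBcryptHash(hash).cost < minCost;
}

// Number of UTF-8 bytes of the password that bcrypt would ignore (limit: 72).
function bytesIgnoredByBcrypt(password) {
  return Math.max(0, new TextEncoder().encode(password).length - 72);
}

// Constructed sample in bcrypt format; not the hash of any real password.
const SAMPLE_HASH = '$2b$10$' + 'C'.repeat(21) + '.' + 'A'.repeat(31);
console.log(parseBcryptHash(SAMPLE_HASH), needsRehash(SAMPLE_HASH, 12));
console.log(bytesIgnoredByBcrypt('\u00e9'.repeat(40))); // 40 two-byte characters
```

Running `needsRehash` over stored hashes shows which accounts still sit below the cost you have chosen for new hashes.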