Online bcrypt Hash Generator & Verifier
bcrypt is a slow, salted password-hashing function designed specifically for storing passwords securely. Use Generate mode to produce a hash, or Verify mode to check a password against an existing hash. Set the cost and salt in "More settings". Everything runs on your device.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
Password: hunter2 • Cost: 10
Example Output
$2b$10$N9qo8uLOickgx2ZMRZoMy... (random per salt)
How to Use
- 1Choose Generate or Verify mode.
- 2Enter the password in the provided field.
- 3In Generate mode, set optional cost/salt in "More settings" then click the button. In Verify mode, paste an existing hash then click to compare.
- 4Copy the resulting hash, or read the match/no-match status in Verify mode.
About bcrypt
bcrypt is a password-hashing function created by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. Unlike fast hashes such as SHA-256, bcrypt is deliberately slow and includes an automatic salt to resist brute-force and rainbow-table attacks.
How it works: bcrypt has a "cost" (work factor) parameter that sets how many times the key schedule is repeated — each increment doubles the computation time. A random salt is embedded in the hash so two identical passwords produce different hashes. The output format stores the version, cost, salt, and digest in one string ($2b$...).
bcrypt is very popular and still recommended for storing passwords. Add a "pepper" (an application-side secret) for an extra layer. For needs more resistant to GPU/ASIC attacks, consider Argon2.
FAQ
What is the cost / work factor in bcrypt?
The cost sets how slow the hash is. Common values are 10–12. Higher cost is more secure but slower. Each +1 doubles the computation time.
Why is the bcrypt hash different each time?
Because bcrypt embeds a random salt. That is expected and secure — use Verify mode to check a password rather than comparing hash strings directly.
Is my password sent to a server?
No. All bcrypt hashing and verification happen in your browser. Your password never leaves your device.