Bcrypt Hash Generator
Generate secure bcrypt hashes from passwords and verify password-hash pairs. Runs entirely in your browser β your password is never sent to any server.
π Purpose-Built for Passwords
Unlike SHA-256 or MD5, bcrypt is designed specifically for password storage. It's intentionally slow and includes a salt to prevent rainbow table attacks.
βοΈ Adjustable Cost
The cost factor controls how slow the hash is. Double the cost = double the computation time. This lets you keep up with faster hardware over time.
π 100% Client-Side
Uses the bcryptjs library. Your password is never sent anywhere. Ideal for testing and verifying hash formats.
Frequently Asked Questions
What is bcrypt and why is it used for passwords?
Bcrypt is a password hashing function created in 1999 by Niels Provos and David MaziΓ¨res. Unlike general-purpose hash functions (SHA-256, MD5), bcrypt is deliberately slow β it's designed to make brute-force attacks computationally expensive. It also automatically generates and embeds a random salt, preventing rainbow table attacks.
Why not use SHA-256 or MD5 to hash passwords?
SHA-256 and MD5 are designed for speed β they can compute billions of hashes per second on modern GPUs. This makes them unsuitable for passwords. Bcrypt is designed to be slow (configurable via cost factor) and is purpose-built for password storage. Always use bcrypt, Argon2, or scrypt for passwords β never SHA or MD5.
What does a bcrypt hash look like?
A bcrypt hash looks like: $2b$10$N9qo8uLOickgx2ZMRZo..... The $2b$ is the version, $10$ is the cost factor, the next 22 characters are the salt, and the remaining characters are the hash. The full hash is always 60 characters.
Should I use this tool in production?
This tool is designed for testing and development. In production, always hash passwords server-side in your backend code. Never send plaintext passwords to a third-party website for hashing, even one that claims to be private. For production, use bcrypt libraries for your language: bcryptjs (Node), bcrypt (Python), password_hash() (PHP).