Bcrypt Hash Generator and Verifier

Generate bcrypt password hashes and verify passwords against existing hashes locally in your browser.

Create a new bcrypt hash from a password, or check whether a password matches a pasted bcrypt hash. Everything runs locally in your browser, so passwords and hashes are not uploaded or sent to a server.

Bcrypt only uses the first 72 UTF-8 bytes of a password. This tool warns when a value is long enough to hit that boundary.

Higher costs take more time to compute and verify. Test your production target on your own systems before changing stored-password policy.

Paste a full bcrypt hash when using verify mode. New hashes include their salt and cost in the hash string.



How it works

Bcrypt is a password-hashing scheme designed to be intentionally slow. The cost factor controls how much work is needed: each step up is noticeably slower, so use a value your application can verify reliably during sign-in without making attacks cheap.

Each generated bcrypt hash includes the algorithm marker, cost, salt, and hash data in one string. Store the whole string in your password database. Do not store or reuse the original password, and do not use bcrypt hashes as encryption keys or reversible secrets.

This browser tool is useful for testing and learning, not as a complete account-security system. Real applications also need rate limits, secure transport, unique passwords, breach-response processes, and careful operational monitoring.


References