Bcrypt
Hash and verify passwords with bcrypt
π 100% client-side β your data never leaves this pageAbout this tool
Generate bcrypt password hashes with a configurable cost factor (4-14), or verify a plaintext password against an existing bcrypt hash. The hash breakdown explains the algorithm prefix, cost factor, salt, and hash sections. Uses PBKDF2 via the Web Crypto API for secure computation in your browser.
Frequently Asked Questions
What is bcrypt?
Bcrypt is a password hashing function designed to be slow and expensive to compute. This makes brute-force and rainbow table attacks impractical. It is the recommended algorithm for storing user passwords.
What cost factor should I use?
A cost factor of 10-12 is recommended for most applications. Higher values are more secure but take longer to compute. Cost 10 typically takes 100-300ms, which is slow enough for attackers but fast enough for users.
Can I use this hash in my application?
The hash format is compatible with standard bcrypt implementations in Node.js (bcryptjs), Python (bcrypt), PHP (password_hash), and most other languages.
Is the computation done in my browser?
Yes. All hashing uses the Web Crypto API (PBKDF2) and runs entirely client-side. Your passwords are never transmitted.