Bcrypt Hash Generator
Generate and verify bcrypt password hashes.
Runs entirely in your browser.
Bcrypt Hashing Tool
About Bcrypt
Bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. Unlike general-purpose hash functions, bcrypt is deliberately slow, which makes brute-force attacks far more expensive for an attacker.
Every bcrypt hash includes a randomly generated salt, so hashing the same password twice produces two different hashes. The salt is stored inside the hash string itself, which means you never need to store it separately. The salt defeats precomputed "rainbow table" attacks, because an attacker cannot reuse one table of precomputed hashes against many accounts.
The cost factor (also called work factor or rounds) controls how many iterations bcrypt performs: each increment doubles the work. A cost of 10 means 210 = 1024 iterations. As hardware gets faster, the cost factor can be raised, keeping bcrypt slow for attackers without changing the algorithm.
Fast hashes like MD5 and SHA-256 are great for checksums but poor for passwords: a modern GPU can compute billions of them per second, so leaked password databases hashed with them are cracked quickly. Bcrypt's tunable slowness and built-in salting make it (along with scrypt and Argon2) the recommended choice for storing passwords.
Hashing on this page is performed in your browser by the open source bcrypt.js library (MIT license).
