BrowserTools
Advertisement
Home / Encoders / Bcrypt Generator & Verifier

Bcrypt Generator & Verifier

Generate bcrypt password hashes and verify a password against an existing hash, entirely in your browser.

Loading Bcrypt Generator & Verifier… If nothing happens, please enable JavaScript.

Bcrypt is a password hashing function designed in 1999 by Niels Provos and David Mazieres, built specifically to make stored passwords resistant to brute-force cracking. Unlike fast general-purpose digests such as MD5 or SHA-256, bcrypt is deliberately slow and includes a tunable cost factor that sets how much computational work each hash requires. Every bcrypt hash also embeds a unique random salt, so two users with the same password produce completely different hashes, and a single output string carries everything needed to verify a password later: the algorithm version, the cost, the salt, and the digest. That self-contained format is why bcrypt hashes are safe to store directly in a database column.

Frequently asked questions

Are the passwords and hashes I enter sent anywhere?
No. Both hashing and verification run entirely in your browser using a JavaScript bcrypt implementation. Nothing you type is uploaded, transmitted, or logged. The tool keeps working offline once the page has loaded, so it is safe to use with real credentials while testing or learning.
What is the cost factor and which value should I use?
The cost factor (the number after the second dollar sign in a hash) sets how many rounds of work bcrypt performs, on a logarithmic scale. Each increment roughly doubles the time per hash. A cost of 10 is a common default; 12 is stronger but slower. Choose the highest cost your server can tolerate while keeping login response times acceptable, often around 100 to 250 milliseconds per hash.
Why does bcrypt include a salt automatically?
A salt is random data mixed into the hash so that identical passwords produce different outputs, defeating precomputed rainbow-table attacks. Bcrypt generates a fresh random salt for every hash and embeds it directly in the output string, so you do not need to store or manage salts separately. The verifier reads the salt straight out of the stored hash.
Can I reverse a bcrypt hash back into the password?
No. Bcrypt is a one-way function, so there is no decode operation and this tool has no decode mode. The only way to test a password is to hash a candidate with the same salt and cost and compare, which is exactly what Verify mode does. If a hash could be reversed, it would be useless for protecting passwords.
How does Verify mode know if a password matches?
It extracts the algorithm version, cost factor, and salt that are stored inside the bcrypt hash, re-hashes your candidate password with those same parameters, and checks whether the resulting digest equals the stored one. This is the identical process a login system uses, which is why you never need to store the original password anywhere.
How is bcrypt different from SHA-256 in the Hash Generator?
SHA-256 is a fast cryptographic digest meant for checksums, integrity checks, and fingerprinting; it is intentionally quick, which makes it a poor choice for passwords because attackers can try billions of guesses per second. Bcrypt is deliberately slow and salted, designed specifically to make password guessing expensive. Use the Hash Generator for file or data integrity, and bcrypt for storing passwords.
What do the $2a$ and $2b$ prefixes mean?
The leading marker identifies the bcrypt variant that produced the hash. $2a$ is the long-standing common version, while $2b$ is a corrected variant that fixed a wraparound bug related to very long inputs. Both are widely supported and verify correctly. The portion after the marker encodes the cost, and the rest contains the salt and digest together.
Does bcrypt have a password length limit?
Yes. Bcrypt only processes the first 72 bytes of the input password; anything beyond that is ignored. For most passwords this is irrelevant, but it matters if you pre-hash or concatenate long values before bcrypt. If you need to support arbitrarily long inputs, hash the password with SHA-256 first or use a function like Argon2 that has no such limit.

About Bcrypt Generator & Verifier

This tool has two modes. In Hash mode you enter a password and pick a cost factor of 8, 10, or 12 rounds, and it produces a complete bcrypt hash string beginning with a marker such as $2a$ or $2b$. A higher cost roughly doubles the work per increment, so 12 is noticeably slower than 10, which is the common default. In Verify mode you paste an existing bcrypt hash and a candidate password, and the tool reports whether they match. Verification works by re-running bcrypt with the salt and cost extracted from the stored hash, then comparing the result, which is exactly how a login system checks a password without ever storing it in plain text.

Everything runs locally in your browser using a JavaScript implementation of bcrypt. The passwords and hashes you enter are never uploaded, transmitted, or logged, which makes the tool safe for experimenting with real credentials while learning, testing a backend, or seeding a development database. Keep in mind that bcrypt is a one-way function: there is no decode mode, because a correct hash cannot be reversed back into the original password. It is also distinct from the fast hashes in the Hash Generator tool. Use bcrypt (or a modern alternative such as Argon2) for storing passwords, and reserve SHA-style digests for checksums, integrity checks, and non-password fingerprinting.

Why slow is a feature, not a bug

Most software is engineered to be as fast as possible, but bcrypt was deliberately designed to be slow, and that choice is the entire point. When Niels Provos and David Mazieres presented bcrypt at USENIX in 1999, they built it on the Blowfish cipher's expensive key-setup step and added an adjustable cost factor. The genius of the design is that the cost is not fixed in the algorithm; as computers get faster, defenders can simply raise the cost to keep password cracking just as painful as it was years earlier.

This matters because the threat is asymmetric. A legitimate server hashes one password per login, so a hash taking a fifth of a second is barely noticeable. An attacker who steals a password database, however, wants to try billions of guesses, and that same fifth of a second per attempt turns an afternoon of cracking into centuries. Fast hashes like MD5 and unsalted SHA-1 collapse under modern GPUs and purpose-built hardware that test tens of billions of candidates per second; bcrypt's tunable slowness and per-password salt blunt both brute force and rainbow tables at once.

Because the cost factor lives inside every hash, a system can transparently upgrade its security over time. When a user logs in, the server can check the cost embedded in their stored hash, and if it is below the current target, re-hash the freshly verified password at a higher cost and save the new value. Bcrypt has aged remarkably well since 1999, and while newer functions such as scrypt and Argon2 add memory-hardness to resist specialised hardware even better, bcrypt remains a sound, widely supported default for password storage.

Advertisement
Advertisement
Advertisement