UseToolSuite UseToolSuite

Bcrypt Generator & Verifier

Free online bcrypt hash generator and verifier. Generate bcrypt password hashes with adjustable cost factor and verify passwords against existing hashes — all in your browser.

Last updated

Bcrypt Generator & Verifier is a free, browser-based tool from UseToolSuite's Encoding & Decoding Tools collection. All processing happens locally on your device — your data is never uploaded to any server. Use the tool below, then scroll down for detailed documentation, frequently asked questions, and related resources.

Advertisement

Generate Hash

Verify Hash

What is Bcrypt Generator?

Bcrypt Generator is a free online tool that generates bcrypt password hashes and verifies passwords against existing bcrypt hashes. Bcrypt is the industry-standard password hashing algorithm recommended by OWASP for secure password storage. It includes built-in salting and an adjustable cost factor that makes brute-force attacks computationally expensive. All hashing runs entirely in your browser using the bcryptjs library — your passwords are never sent to any server.

When to use it?

Use Bcrypt Generator when you need to hash a password for storage in a database, verify a password against an existing hash during debugging, or test your application's authentication system. The hash info display shows the algorithm version, cost factor, and salt extracted from any bcrypt hash, helping you understand and debug authentication issues.

About the cost factor

The cost factor (also called "rounds" or "work factor") controls how computationally expensive the hash is to generate. Each increment doubles the time: cost 10 takes ~100ms, cost 12 takes ~400ms, cost 14 takes ~1.5s. OWASP recommends a minimum cost factor of 10, with 12 being a good balance between security and performance for most applications. Higher values provide stronger protection against brute-force attacks but increase login time.

Why bcrypt is slow on purpose

Most hash functions are designed to be fast — exactly the wrong property for passwords. If hashing a password takes a microsecond, an attacker with your leaked database can test billions of guesses per second. Bcrypt inverts this with a tunable cost factor: each increment doubles the work, so you can dial hashing to take ~250ms–1s on your hardware. That’s invisible to a user logging in once but devastating to an attacker trying to brute-force millions of hashes. This deliberate slowness — key stretching — is the entire point, and it’s why a fast hash like SHA-256 must never store passwords directly.

Tuning the cost factor over time

The cost factor isn’t set-and-forget. Hardware gets faster every year, so a cost that took 300ms in 2020 is quicker now:

CostApprox. iterationsRough time (modern CPU)
101,024~100 ms
124,096~250–400 ms
1416,384~1.5 s

Pick the highest cost that keeps your login latency acceptable (a common target is ~250ms server-side), and revisit it every couple of years — bumping it as hardware improves. Because each hash embeds its own cost, you can raise the cost for new hashes and transparently upgrade old ones on the user’s next successful login.

The 72-byte trap

Bcrypt silently ignores everything past the first 72 bytes of input. For ASCII that’s 72 characters; for multi-byte UTF-8 (accents, emoji, non-Latin scripts) it can be far fewer. Two real consequences: very long passphrases get truncated (so the tail adds no security), and — more dangerously — if you let users paste huge inputs, two different long passwords sharing a 72-byte prefix become interchangeable. The standard mitigation is to pre-hash with SHA-256 and bcrypt the result (bcrypt(base64(sha256(password)))), which compresses any-length input into a fixed, full-entropy value before bcrypt sees it.

Why every hash is different

Paste the same password twice and you’ll get two different 60-character hashes — that’s correct. Bcrypt generates a random salt per hash and embeds it in the output ($2b$12$<salt><hash>), so identical passwords never collide and precomputed rainbow tables are useless. Verification doesn’t re-guess the salt; it reads the salt straight out of the stored hash and recomputes. Everything here runs locally via the bcryptjs library — your passwords never leave the browser — but for the same reason production tokens should be generated server-side with proper key management, treat this tool as one for development, testing, and learning.

How helpful was this tool?

Click to rate

Advertisement

Key Concepts

Essential terms and definitions related to Bcrypt Generator & Verifier.

Bcrypt

An adaptive password hashing function based on the Blowfish cipher, designed to be computationally expensive to resist brute-force attacks. It includes automatic salt generation, a configurable cost factor, and produces a 60-character hash string containing the algorithm version, cost factor, salt, and hash. Bcrypt is recommended by OWASP, NIST, and most security authorities for password storage.

Cost Factor (Work Factor)

A parameter that controls bcrypt's computational cost. The actual number of iterations is 2^cost — so cost 10 means 1,024 iterations, cost 12 means 4,096 iterations. Higher cost factors make each hash slower to compute, directly increasing the time and hardware cost for an attacker attempting a brute-force attack. The cost factor should be periodically increased as hardware gets faster.

Salt (in bcrypt)

A 128-bit random value generated for each hash operation and embedded directly in the bcrypt output string. The salt ensures that identical passwords produce different hashes, defeating precomputed lookup tables (rainbow tables). Unlike external salting, bcrypt's salt is self-contained — the verification function extracts it from the hash string automatically.

Key Stretching

A technique that applies a hash function multiple times (iterations) to make the computation deliberately slow. Bcrypt, scrypt, Argon2, and PBKDF2 all use key stretching. The purpose is to increase the cost of brute-force attacks: if each hash takes 100ms, testing 1 billion passwords would take over 3 years on a single CPU.

Frequently Asked Questions

What is bcrypt and why should I use it for passwords?

Bcrypt is a password hashing function designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. Unlike fast hash functions (SHA-256, MD5), bcrypt is intentionally slow and includes built-in salting. This makes brute-force and rainbow table attacks impractical. OWASP recommends bcrypt as a top choice for password storage alongside Argon2 and scrypt.

What cost factor should I use?

The cost factor (work factor) determines the computational expense of hashing. Each increment doubles the time. Cost 10 takes ~100ms, cost 12 takes ~400ms. OWASP recommends a minimum of 10, with 12 being a good default for most applications. Choose a value where hashing takes 250ms–1s on your production hardware — slow enough to deter brute-force but fast enough for user login.

Why does the same password produce a different hash each time?

Bcrypt generates a random 128-bit salt for every hash operation. The salt is embedded in the output string (characters 8–29). This means the same password always produces a different hash — which is by design. To verify a password, use the Verify section which extracts the salt from the stored hash and recomputes.

Is my password sent to any server?

No. All bcrypt hashing and verification runs entirely in your browser using the bcryptjs library. Your passwords never leave your device. The library is loaded from esm.sh CDN, but only the library code is downloaded — your input data stays local.

What is the format of a bcrypt hash string?

A bcrypt hash follows this format: $2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy. The parts are: $2b$ (algorithm version), 10$ (cost factor), the next 22 characters (Base64-encoded salt), and the remaining 31 characters (Base64-encoded hash). The total string is always 60 characters.

Should I use bcrypt or Argon2 in 2026?

OWASP now lists Argon2id as the first-choice password hashing algorithm, with bcrypt as a still-acceptable alternative — so for a brand-new system, prefer Argon2id if your platform has a well-maintained library. That said, bcrypt remains perfectly secure when configured correctly (cost 12+), is battle-tested, and is supported everywhere, so there's no urgency to rip it out of an existing system. The genuinely important decision isn't bcrypt-vs-Argon2 — it's using ANY purpose-built password hash (bcrypt, Argon2, scrypt) instead of a fast general-purpose hash. Both bcrypt and Argon2id are correct answers; SHA-256 is the wrong one.

What is a pepper, and should I add one?

A pepper is a secret value added to every password before hashing — but unlike the per-user salt (which bcrypt stores inside the hash), the pepper is the SAME for all users and is kept OUTSIDE the database, in application config or an HSM/secrets manager. Its purpose: if your database alone leaks, the attacker still can't crack hashes without also stealing the pepper from a separate system. It's a defense-in-depth layer, not a replacement for proper hashing. The common implementation is to HMAC the password with the pepper key before bcrypt. It's optional and adds operational complexity (the pepper must be rotated carefully), so add it when you can manage a secret store properly.

Troubleshooting & Technical Tips

Common errors developers encounter and how to resolve them.

Hash generation takes too long: High cost factor performance

Bcrypt's cost factor exponentially increases computation time. Cost 14 takes ~1.5 seconds, cost 16 takes ~6 seconds on a modern CPU. If hashing is too slow for your use case, lower the cost factor. For this browser-based tool, cost 12 or below provides a good balance. In production, benchmark on your actual server hardware and choose the highest cost factor that keeps login time under 1 second.

Verification fails for a correct password: Version prefix mismatch

Bcrypt hashes have version prefixes: $2a$, $2b$, and $2y$. The $2a$ prefix is the original version, $2b$ fixes a bug in the OpenBSD implementation, and $2y$ is PHP-specific. Most bcrypt libraries accept all three prefixes interchangeably. If verification fails, check that the hash string is complete (exactly 60 characters) and has not been truncated by a database column that is too short.

Password exceeds 72 bytes: Bcrypt input length limitation

Bcrypt only processes the first 72 bytes of input. For ASCII text, this means 72 characters; for UTF-8 text with multibyte characters, the limit may be fewer characters. Passwords longer than 72 bytes are silently truncated. If you need to support very long passwords, apply SHA-256 to the password first and then bcrypt the hash: bcrypt(sha256(password)). Most real-world passwords are well under 72 bytes.

Related Guides

In-depth articles covering the concepts behind Bcrypt Generator & Verifier.

Advertisement

Related Tools