Language
English English Vietnamese (Tiếng Việt) Vietnamese (Tiếng Việt) Chinese (简体中文) Chinese (简体中文) Portuguese (Brazil) (Português do Brasil) Portuguese (Brazil) (Português do Brasil) Spanish (Español) Spanish (Español) Indonesian (Bahasa Indonesia) Indonesian (Bahasa Indonesia)
bcrypt Generator

bcrypt Generator

Generate and verify bcrypt password hashes with an adjustable cost factor. Everything runs in your browser, so passwords never leave your device.

bcrypt Generator: Hash & Verify Passwords Online

This bcrypt generator turns any password into a secure bcrypt hash and verifies whether a password matches an existing hash — right in your browser. It is built for developers who need to seed a database, test a login flow, or check a stored bcrypt hash without spinning up code.

bcrypt is a deliberately slow password-hashing algorithm with a built-in salt, which makes hashes far harder to brute-force than fast functions like MD5 or SHA-256. Pick a cost factor from 4 to 31, switch between Generate and Verify, and the tool handles the rest with the bcryptjs library.

Private by design: all hashing and verification run locally in your browser using the bcryptjs library. Your passwords and hashes are never uploaded to any server — you can even use the tool offline.

How to Use the bcrypt Generator

1

Pick Generate or Verify

Use the Generate tab to create a new hash from a password, or the Verify tab to check whether a password matches an existing bcrypt hash.

2

Enter your input

Type the password to hash. In Verify mode, also paste the bcrypt hash you want to check it against. Click Sample Data to fill in example values fast.

3

Choose a cost factor

Set the Cost Factor (rounds) for new hashes. The default of 12 suits most production apps, and a color-coded badge shows the security level for your choice.

4

Generate or verify

Click Generate Hash to produce the hash, then copy it with one tap. In Verify mode, click Verify Password to see a green Match or red Mismatch result.

Anatomy of a bcrypt Hash

Every hash this tool generates uses the modern $2b$ version and packs the algorithm, cost, salt, and digest into a single string:

$2b$12$WApznUPhDubN0oeveSFPpOLo0dVMFJ.3CC9TmGkMxLFvnEGbgm4jq

$2b$ — Version

The algorithm identifier. 2b is the current standard; the tool generates 2b hashes and can verify 2a, 2b, and 2y.

12 — Cost factor

The number of rounds, where iterations = 2^cost. A cost of 12 means 2^12 = 4,096 iterations per hash.

Salt — Next 22 chars

A unique random salt, Base64 encoded, generated for every hash to defeat precomputed rainbow tables.

Hash — Final 31 chars

The Base64-encoded digest of your password combined with the salt at the chosen cost.

Features

Generate & Verify Modes

Create a fresh bcrypt hash from a password, or switch tabs to check whether a password matches an existing hash.

Adjustable Cost Factor

Choose any cost from 4 to 31 rounds to balance hashing strength against generation speed.

Security Level Badge

A color-coded badge labels each cost as Low, Medium, Recommended, High, or Very High at a glance.

Hash Details Breakdown

Each result shows the algorithm version and cost factor so you can read the hash at a glance.

Generation Time

The exact time taken is displayed for every hash and check, so you can gauge the cost of higher rounds.

Multi-Version Verify

Verify mode accepts $2a$, $2b$, and $2y$ hashes and flags invalid formats.

One-Click Copy

Copy the generated hash to your clipboard with a single tap, ready to paste into your code or database.

Sample Data & Clear

Load example values to test instantly, then clear the fields to start over whenever you like.

100% Client-Side

Everything runs in your browser with the bcryptjs library — no password ever leaves your device.

Choosing the Right Cost Factor

Higher rounds mean stronger hashes but slower generation. Use these ranges as a starting point and adjust to your hardware:

Rounds Level Use Case
4–9 Low Development and testing only
10–11 Medium Low-security applications
12–13 Recommended Production applications
14–17 High High-security systems
18–31 Very High Maximum security (slow generation)

Frequently Asked Questions

How do I generate a bcrypt hash?

On the Generate tab, type your password, pick a cost factor (12 is a good default), and click Generate Hash. The bcrypt hash appears instantly, and you can copy it with one tap.

Can you decrypt or reverse a bcrypt hash?

No. bcrypt is a one-way hashing algorithm, not encryption, so a hash cannot be turned back into the original password. The only way to confirm a password is to hash it again and compare — which is exactly what the Verify tab does.

How do I verify a password against a bcrypt hash?

Switch to the Verify tab, enter the password, paste the bcrypt hash, and click Verify Password. The result shows a green Match if the password produces that hash or a red Mismatch if it does not.

Why does the same password produce a different hash each time?

bcrypt embeds a unique random salt in every hash, so even identical passwords generate completely different strings. This is by design — it defeats precomputed rainbow-table attacks. Verification still works because the salt is stored inside the hash itself.

What are salt rounds and the cost factor?

The cost factor (also called rounds) controls how much work bcrypt does: iterations equal 2 raised to the cost. A higher number makes hashing exponentially slower and therefore harder to brute-force. For most production apps, 12 rounds balances security and performance well.

What is the difference between $2a$, $2b$, and $2y$?

$2a$ is the original specification, $2b$ is the updated version that fixes long-password handling, and $2y$ is PHP's identifier. All three are compatible — this tool generates $2b$ hashes and can verify all three formats.

Is there a maximum password length?

bcrypt processes up to 72 bytes of input and silently truncates anything longer. This is rarely an issue, but if you need to hash very long passphrases, pre-hash them with SHA-256 before applying bcrypt.

Is my password safe when using this tool?

Yes. All hashing and verification happen entirely in your browser with the bcryptjs library — your password is never sent to any server. You can confirm this by using the tool while disconnected from the internet.

Recommended
Password
bcrypt Hash
Output

Enter a password and click Generate to create a bcrypt hash

bcrypt Hash
Algorithm 2b
Cost Factor 12
Generation Time
Ready
|
Use cost factor 12 for production apps — it balances security and performance
Higher rounds mean stronger hashes but slower generation — watch the generation time as you tune it
Click Sample Data to prefill example values and test instantly
In Verify mode, paste any $2a$, $2b$, or $2y$ hash to check it against a password
Your passwords never leave your browser — all hashing runs locally in JavaScript
Want to learn more? Read documentation →
1/6
Start typing to search...
Searching...
No results found
Try searching with different keywords