Bcrypt Generator & Verifier
Generate bcrypt password hashes and verify a password against an existing hash, entirely in your browser.
Loading Bcrypt Generator & Verifier… If nothing happens, please enable JavaScript.
Bcrypt is a password hashing function designed in 1999 by Niels Provos and David Mazieres, built specifically to make stored passwords resistant to brute-force cracking. Unlike fast general-purpose digests such as MD5 or SHA-256, bcrypt is deliberately slow and includes a tunable cost factor that sets how much computational work each hash requires. Every bcrypt hash also embeds a unique random salt, so two users with the same password produce completely different hashes, and a single output string carries everything needed to verify a password later: the algorithm version, the cost, the salt, and the digest. That self-contained format is why bcrypt hashes are safe to store directly in a database column.
Frequently asked questions
Are the passwords and hashes I enter sent anywhere?
What is the cost factor and which value should I use?
Why does bcrypt include a salt automatically?
Can I reverse a bcrypt hash back into the password?
How does Verify mode know if a password matches?
How is bcrypt different from SHA-256 in the Hash Generator?
What do the $2a$ and $2b$ prefixes mean?
Does bcrypt have a password length limit?
About Bcrypt Generator & Verifier
This tool has two modes. In Hash mode you enter a password and pick a cost factor of 8, 10, or 12 rounds, and it produces a complete bcrypt hash string beginning with a marker such as $2a$ or $2b$. A higher cost roughly doubles the work per increment, so 12 is noticeably slower than 10, which is the common default. In Verify mode you paste an existing bcrypt hash and a candidate password, and the tool reports whether they match. Verification works by re-running bcrypt with the salt and cost extracted from the stored hash, then comparing the result, which is exactly how a login system checks a password without ever storing it in plain text.
Everything runs locally in your browser using a JavaScript implementation of bcrypt. The passwords and hashes you enter are never uploaded, transmitted, or logged, which makes the tool safe for experimenting with real credentials while learning, testing a backend, or seeding a development database. Keep in mind that bcrypt is a one-way function: there is no decode mode, because a correct hash cannot be reversed back into the original password. It is also distinct from the fast hashes in the Hash Generator tool. Use bcrypt (or a modern alternative such as Argon2) for storing passwords, and reserve SHA-style digests for checksums, integrity checks, and non-password fingerprinting.
Why slow is a feature, not a bug
Most software is engineered to be as fast as possible, but bcrypt was deliberately designed to be slow, and that choice is the entire point. When Niels Provos and David Mazieres presented bcrypt at USENIX in 1999, they built it on the Blowfish cipher's expensive key-setup step and added an adjustable cost factor. The genius of the design is that the cost is not fixed in the algorithm; as computers get faster, defenders can simply raise the cost to keep password cracking just as painful as it was years earlier.
This matters because the threat is asymmetric. A legitimate server hashes one password per login, so a hash taking a fifth of a second is barely noticeable. An attacker who steals a password database, however, wants to try billions of guesses, and that same fifth of a second per attempt turns an afternoon of cracking into centuries. Fast hashes like MD5 and unsalted SHA-1 collapse under modern GPUs and purpose-built hardware that test tens of billions of candidates per second; bcrypt's tunable slowness and per-password salt blunt both brute force and rainbow tables at once.
Because the cost factor lives inside every hash, a system can transparently upgrade its security over time. When a user logs in, the server can check the cost embedded in their stored hash, and if it is below the current target, re-hash the freshly verified password at a higher cost and save the new value. Bcrypt has aged remarkably well since 1999, and while newer functions such as scrypt and Argon2 add memory-hardness to resist specialised hardware even better, bcrypt remains a sound, widely supported default for password storage.