Enter a password and a cost factor, then hash. Use the verify section to check a password against an existing bcrypt hash.
How it works
Bcrypt runs a deliberately slow key derivation over the password and a random salt, and embeds that salt in the output string.
A higher cost increases the work factor. Typical web apps use roughly 10 to 12 today; tune for your latency budget.
What is bcrypt?
Bcrypt is a password hash designed to be slow and to include salt, resisting brute-force and rainbow tables better than fast hashes.
Caution
This tool is for development and learning. For production systems, hash on the server with audited libraries and follow current best practices.
Common questions
- Why is hashing slow?
  It is intentional. Slowness makes offline guessing harder.
- Can I use these hashes in production?
  Only if your stack accepts the same bcrypt format and you understand the risks of client-side generation.
- What does the cost mean?
  It scales the work factor (2^cost iterations in the classic bcrypt setup).
- Alternatives to bcrypt?
  Argon2 is often recommended for new systems; scrypt is another option.
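The salt embedded in the output string and the 2^cost work factor described above can both be read straight out of a stored hash. The following is an added example, not code from this tool: it parses the standard `$2b$<cost>$<salt><digest>` layout and flags hashes whose cost is below a policy floor. The names `parse_bcrypt`, `needs_rehash` and `MIN_COST`, and the sample strings, are constructed for illustration.

```python
import re

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>,
# encoded with bcrypt's own base64 alphabet (./A-Za-z0-9).
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

MIN_COST = 10  # assumed policy floor, from the "10 to 12" guidance above

# Constructed, format-valid placeholders; not hashes of any real password.
SAMPLE_OK = "$2b$12$" + "." * 22 + "A" * 31
SAMPLE_WEAK = "$2a$08$" + "." * 22 + "A" * 31


def parse_bcrypt(hash_str):
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # range accepted by bcrypt implementations
        raise ValueError("cost out of range")
    return {
        "version": version,
        "cost": cost,
        "iterations": 2 ** cost,  # work factor doubles per cost step
        "salt": salt,             # stored in the clear; needed to verify
        "digest": digest,
    }


def needs_rehash(hash_str, min_cost=MIN_COST):
    """True when a stored hash was created below the current cost floor."""
    return parse_bcrypt(hash_str)["cost"] < min_cost


if __name__ == "__main__":
    for h in (SAMPLE_OK, SAMPLE_WEAK):
        info = parse_bcrypt(h)
        print(info["version"], info["cost"], info["iterations"], needs_rehash(h))
```

A hash flagged by `needs_rehash` can only be upgraded at the user's next successful login, since the plaintext password is required to compute a new hash at the higher cost.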