BCrypt Generator & Verifier
Higher cost is slower to compute and harder to brute-force. 10 to 12 is a common choice.
Bcrypt is built for passwords. It folds a random salt into every hash so two identical passwords come out different, and it has a cost factor you can crank up over time to stay ahead of faster hardware. That's why it shows up in so many auth libraries, and why a plain SHA-256 is the wrong tool for storing a password.
The cost factor (also called rounds or work factor) is the exponent that sets how many iterations bcrypt runs, so each step up doubles the time. A higher cost is more resistant to brute force but slower to check on every login. Somewhere around 10 to 12 is a common balance for web apps. The chosen cost is baked into the hash string, so you can read it back later.
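Reading the cost back out of a stored hash is what lets a login path spot hashes that were created under an older, cheaper setting. The sketch below is an added example, not this tool's own code: `parseBcrypt`, `classifyStoredHash`, the `minCost` policy value and the `SAMPLE` string are all names and values made up for illustration.

```javascript
// bcrypt strings look like: $<version>$<cost>$<22-char salt><31-char digest>
// The salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the input is not a well-formed
// bcrypt string (truncated, wrong alphabet, cost out of range, another scheme).
function parseBcrypt(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines cost 4..31
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost, // the cost is an exponent: +1 doubles the work
    salt: m[3],
    digest: m[4],
  };
}

// minCost is a hypothetical policy value chosen by the application.
// "invalid" -> stored value is not bcrypt at all, needs investigation
// "upgrade" -> valid, but weaker than policy: re-hash after the next
//              successful login, while the plaintext is available
// "ok"      -> meets or exceeds the policy
function classifyStoredHash(hash, minCost) {
  const parsed = parseBcrypt(hash);
  if (parsed === null) return "invalid";
  return parsed.cost < minCost ? "upgrade" : "ok";
}

// Constructed sample: correct shape only, not the hash of any password.
const SAMPLE = "$2b$10$" + "A".repeat(22) + "B".repeat(31);

console.log(parseBcrypt(SAMPLE));
console.log(classifyStoredHash(SAMPLE, 12));
```

The parser only checks structure and policy; whether a password matches still has to go through a real bcrypt verify call.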
Hash mode turns a password into a bcrypt string you can store. Verify mode takes a password plus a hash and tells you whether they match, the same check a login does behind the scenes. Handy for confirming a seeded test account works or figuring out whether a leaked hash matches a guess. Everything happens client-side.