Bcrypt Hash Generator & Verifier
Generate and verify bcrypt password hashes with a tunable cost factor — all computed locally in your browser.
Bcrypt truncates input to 72 bytes. Passwords longer than that are silently shortened.
Self-contained: includes algorithm, cost, and 16-byte salt.
Hashing and verification run locally in your browser. Passwords never leave your device.
Built for passwords
Bcrypt is intentionally slow and salted — the standard recommendation for password storage for over 20 years.
Tunable cost factor
Slide the cost factor from 4 to 15 to match your hardware. Each step doubles the work attackers must do.
Generate and verify
Create new hashes or check whether a password matches an existing bcrypt hash — fully offline.
What is bcrypt?
Bcrypt is a password-hashing function based on the Blowfish cipher. Unlike fast hashes such as MD5 or SHA-256, bcrypt is deliberately slow: a cost factor controls how many internal key-setup rounds run, so the same password takes hundreds of milliseconds to hash. That slowness is the point — it caps how many guesses an attacker can make per second, even on specialized hardware.
Anatomy of a bcrypt hash
A bcrypt hash is a single self-describing string like $2b$12$R9h…. The $2b$ prefix identifies the algorithm version, 12 is the cost factor, and the remaining 53 characters encode the 16-byte salt and 24-byte hash output. Because the salt is embedded, you only need to store the single string — no separate salt column.
Choosing a cost factor
The cost factor is a power-of-two work multiplier. Increasing it by one doubles the hashing time and doubles attacker cost. As of 2026, OWASP recommends a cost of at least 10 for general web apps, with 12+ for sensitive systems. Pick the highest value your login endpoint can absorb without harming UX — ~250 ms per verification is a common target.
Bcrypt vs Argon2 vs scrypt
Bcrypt, scrypt, and Argon2 are all password-hashing functions designed to resist brute force. Argon2id (winner of the 2015 Password Hashing Competition) is the modern recommendation for new systems because it adds memory-hardness against GPU and ASIC attacks. Bcrypt remains a sound, widely-supported choice and is still recommended by OWASP when Argon2 is not available.
Frequently asked questions
What is bcrypt?
Bcrypt is a password-hashing function designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. It is deliberately slow and includes a tunable cost factor to stay resistant to brute-force attacks as hardware improves.
Why use bcrypt instead of SHA-256 or MD5 for passwords?
MD5 and SHA-256 are fast general-purpose hashes — an attacker with a GPU can try billions of guesses per second. Bcrypt is intentionally slow and uses a per-password salt, making large-scale brute-force and rainbow-table attacks impractical.
What does the cost factor (rounds) mean?
The cost factor is a power of two. Cost 10 means 2^10 = 1024 internal key-setup iterations; cost 12 means 2^12 = 4096. Each +1 doubles the work and roughly doubles the time required to hash or check a password.
What cost factor should I use?
Pick the highest cost your server can tolerate. As of 2026, 10–12 is a common baseline for web apps; 12–14 is recommended for high-security systems. Aim for ~250 ms per hash on your production hardware.
Why does bcrypt truncate input at 72 bytes?
Bcrypt's internal Blowfish key schedule only consumes the first 72 bytes of input. Any characters beyond that are silently ignored. For long passphrases, pre-hash with HMAC-SHA-256 and feed the digest to bcrypt, or use Argon2 / scrypt instead.
What do the parts of a bcrypt hash mean?
A bcrypt hash looks like $2b$12$abcdefghijklmnopqrstuu… — $2b is the algorithm version, 12 is the cost factor, the next 22 chars are the Base64-encoded 16-byte salt, and the final 31 chars are the encoded 24-byte hash output.
What is the difference between $2a$, $2b$, and $2y$?
They are version prefixes. $2a$ was the original, $2y$ was a PHP-specific fix for a sign-extension bug, and $2b$ is the corrected modern form. All three are read identically by most modern libraries; new hashes should use $2b$.
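An added example (not code from this page or from bcryptjs) that splits a hash string into the fields described in the two answers above and in the "Anatomy of a bcrypt hash" section, decoding the salt and hash bytes with bcrypt's own Base64 alphabet and accepting all three version prefixes; the sample string is constructed and is not the hash of any real password.

```javascript
// bcrypt uses its own Base64 alphabet (not RFC 4648) and no padding.
const BCRYPT_B64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Decode `byteLen` bytes from a bcrypt-Base64 string; the trailing bits after
// the last full byte are padding and are discarded.
function bcryptBase64Decode(text, byteLen) {
  const out = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    const v = BCRYPT_B64.indexOf(ch);
    if (v < 0) throw new Error(`invalid bcrypt Base64 character: ${ch}`);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the not-yet-consumed low bits
    }
    if (out.length === byteLen) break;
  }
  if (out.length !== byteLen) throw new Error('bcrypt Base64 input too short');
  return Buffer.from(out);
}

// A well-formed bcrypt string is exactly 60 characters: $2x$ + 2-digit cost +
// $ + 22 salt chars + 31 hash chars. Malformed input is rejected here, before
// it would ever reach a verifier.
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hashString) {
  const m = BCRYPT_RE.exec(hashString);
  if (!m) throw new Error('not a well-formed bcrypt hash');
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error(`cost ${cost} is outside bcrypt's 4..31 range`);
  return {
    version: m[1],                       // '2a', '2b' or '2y'
    cost,
    iterations: 2 ** cost,               // key-setup rounds = 2^cost
    salt: bcryptBase64Decode(m[3], 16),  // 22 chars -> 16 bytes
    hash: bcryptBase64Decode(m[4], 23),  // 31 chars -> 23 bytes (bcrypt never encodes the 24th output byte)
  };
}

// Constructed sample: syntactically valid, not the hash of any password.
const SAMPLE = '$2b$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZabcde';
```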
Do I need to store the salt separately?
No. The salt is embedded inside the bcrypt hash string, so you only need to store the single hash value in your database. Verification reads the salt back out of the stored string automatically.
Is bcrypt still considered secure?
Yes. Bcrypt remains a sound choice for password hashing. For new systems, Argon2id is the modern recommendation (winner of the Password Hashing Competition), but bcrypt at cost 12+ is still widely accepted by OWASP and NIST.
Is my password sent to a server?
No. All hashing and verification runs locally in your browser using bcryptjs. Your password and hashes never leave your device.