Developer Tools

Hash passwords using bcrypt with configurable cost factor

Bcrypt Hash Generator

Hash passwords using bcrypt with configurable cost factor

100% OfflinePrivacy FirstSecure

Password Hashing

Password to Hash

Salt Rounds: 10

Higher values are more secure but take longer to compute

4 (Fast)15 (Slow)
410 (Default) (10)15

Generated Bcrypt Hash

Learn more about Bcrypt Hash Generator

About Bcrypt Hash Generator

Generate bcrypt hashes from plaintext passwords for testing your authentication system. Set the cost factor (rounds), hash a password, and verify that a plaintext password matches an existing hash โ€” all within your browser.

Key features

  • Generates bcrypt hash from any plaintext input
  • Adjustable cost factor (rounds) from 4 to 14
  • Verify mode: check if a password matches a hash
  • Displays the salt and hash components separately
  • All processing client-side โ€” passwords never transmitted

How to use Bcrypt Hash Generator

  1. 1Enter the plaintext password you want to hash
  2. 2Set the cost factor (10โ€“12 is typical for production use)
  3. 3Click "Generate Hash" to create the bcrypt hash
  4. 4Use the Verify tab to test if a password matches a hash

Frequently asked questions

What cost factor (rounds) should I use?
For production passwords, use a cost factor of 10โ€“12. Higher values are more secure but take longer to compute. The standard recommendation is 10 for most web applications.
Why does bcrypt take longer than MD5 or SHA?
Bcrypt is intentionally slow due to its key stretching algorithm. This makes brute-force attacks computationally expensive, which is exactly what you want for password hashing.
Why does the same password produce different hashes each time?
Bcrypt automatically generates a random salt for each hash, which is embedded in the output. This is by design and prevents rainbow table attacks.
Can I use bcrypt hashes directly in my database?
Yes. The full bcrypt output string contains the algorithm version, cost factor, salt, and hash โ€” everything needed for future password verification.