Generate Bcrypt Hash
Verify Password
About Bcrypt
Each hash includes a unique random salt, preventing rainbow table attacks even if two users have the same password.
The cost factor lets you tune the computation time. As hardware improves, increase the factor to stay secure.
Everything runs in your browser. Your passwords and hashes are never transmitted or stored anywhere.
Cost Factor Reference
| Cost Factor | Approx. Time | Recommendation |
|---|---|---|
| 4 | < 1ms | Testing only |
| 8 | ~5ms | Low-traffic / legacy |
| 10 | ~100ms | ✓ Recommended default |
| 12 | ~400ms | High-security apps |
| 14 | ~1.5s | Maximum security |
Frequently Asked Questions
What is bcrypt?
Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It incorporates a salt to protect against rainbow table attacks and is adaptive — the cost factor can be increased over time to make it resistant to brute-force attacks as hardware gets faster.
What cost factor should I use?
A cost factor of 10 or 12 is recommended for most applications in 2024. Higher values are more secure but slower. Cost factor 10 takes ~100ms on a modern server, which is a good balance between security and performance.
Is my password sent to a server?
No. This tool runs entirely in your browser. Your password and hash never leave your device. The bcrypt computation happens client-side using JavaScript.
Can I use this hash in my application?
Yes. Bcrypt hashes generated here are standard and compatible with any bcrypt library in Node.js, Python, PHP, Java, Ruby, Go, and more.
Why does bcrypt produce a different hash each time?
Bcrypt generates a unique random salt every time it hashes a password. The salt is embedded in the output hash, so verification works correctly even though each hash looks different. This is a security feature, not a bug.