Bcrypt Hash Generator
Hash passwords with bcrypt and verify existing hashes — configurable rounds. Free, private — all processing in your browser.
This tool is coming soon. Check back later!
The Bcrypt Generator creates bcrypt password hashes — the industry-standard algorithm for storing passwords securely. Bcrypt is adaptive — you set a cost factor (rounds) that determines how slow the algorithm runs. Higher cost = more secure (harder to brute-force) but slower to compute. The generator lets you hash any password with rounds from 4 to 15 (4 is very fast for testing, 12 is current production default, 15 is very slow but maximally secure). Also verifies existing bcrypt hashes against passwords — paste a hash and a password, get an instant match/no-match result.
Proper password storage is critical. Plain text, SHA-256, and even salted SHA-256 are all too fast — a modern GPU can try billions per second on a leaked hash database. Bcrypt is intentionally slow (~100 milliseconds per hash at cost 12) and its memory access pattern is GPU-unfriendly, making brute force impractical. This tool runs entirely in your browser — passwords and hashes never upload. Use it to test your authentication code, verify legacy hashes during migration, or understand bcrypt for the first time.
Bcrypt Hash Generator — key features
Configurable rounds (4-15)
Choose cost factor — 4 for fast testing, 12 for production default, 15 for maximum security. Higher rounds = more secure but slower.
Hash generation
Enter password, get complete bcrypt hash with embedded salt and rounds. Ready to store in database.
Hash verification
Paste an existing bcrypt hash and a candidate password. Tool shows match or no-match. Works with hashes from any bcrypt implementation.
Supports all versions
Hashes starting with $2$, $2a$, $2b$, or $2y$ are all verified correctly. Generated hashes use $2b$ (the current standard).
Timing display
Shows how long generation took. Useful for tuning rounds to your acceptable latency (250ms is a common target).
Salt inspection
Decompose any bcrypt hash to see cost factor and salt separately. Educational — understand the format.
Batch hashing
Generate hashes for multiple passwords at once. Useful for test fixtures.
100% client-side
Passwords and hashes stay in your browser. Safe for production credential work.
How to use the Bcrypt Hash Generator
1. Enter a password: the password to hash. Can include special characters, spaces, Unicode. Kept in your browser only.
2. Choose rounds: 12 is the current production default. 10 for lower-security apps. 14-15 for high-security or when you can tolerate slower login (hashing time in the milliseconds-to-seconds range).
3. Click Hash: bcrypt generates a random salt and produces the hash. Takes 50ms to 2 seconds depending on rounds; higher rounds take longer.
4. Copy the hash: store this exact string in your database user_password column. It includes version, rounds, salt, and hash, so it is self-contained.
5. (Optional) Verify: switch to verify mode, paste an existing hash and a candidate password, and the tool confirms match or not.
Common use cases for the Bcrypt Hash Generator
Authentication
- Password storage: hash user passwords before storing them in the database. On login, verify the entered password against the stored hash. Standard secure pattern.
- API key hashing: store API keys hashed, not in plaintext. On request, hash the provided key and compare, as with passwords.
- Recovery token storage: password reset tokens and email verification tokens are hashed before storing; on use, verify the presented token against the stored hash.
- OAuth client secrets: hash client secrets before storing. Verify by hashing the submitted secret.
Migration and testing
- Verify legacy bcrypt hashes: when migrating between systems, verify that old bcrypt hashes still validate correctly. Useful for testing password import.
- Test fixtures with known passwords: generate fixtures with password=test and store the hash in the fixture. Integration tests log in with the fixture password and bcrypt.compare.
- Benchmark rounds: measure how long different rounds take on your target hardware. Pick the highest rounds your login latency budget allows.
- Upgrade rounds: when raising the cost factor, existing hashes keep validating at their old rounds; re-hash each user's password at their next successful login and track the rounds per user.
Debugging
- Investigate auth failures: user cannot log in? Verify their stored hash against their claimed password. Reveals typos, casing issues, or hash corruption.
- Reproduce production bugs: generate hashes matching specific conditions for local debugging.
- Verify bcrypt compatibility: Python bcrypt, Node bcrypt, and PHP password_hash should all produce compatible hashes. Test cross-platform.
Learning and education
- Understand password hashing: hash the same password multiple times and see different outputs (random salt). Demonstrates why salted hashes resist rainbow tables.
- Compare rounds: hash the same password with rounds 4 through 14. See how time increases. Understand the tradeoff.
- Cross-library verification: hash in one tool, verify in another library (Node bcrypt, Python passlib). Learn cross-compatibility.
Bcrypt Hash Generator — examples
Simple hash (rounds 10)
Basic password hashing.
Password: hunter2
Rounds: 10
$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Hash with production rounds
Standard production setting.
Password: MyStr0ng!Pass
Rounds: 12
$2b$12$abcdefghij...kijlmnop (60 chars)
Took: ~250ms on modern CPU
Hash with high rounds
Maximum security (slow).
Password: CriticalAdminPassword
Rounds: 14
$2b$14$abcdefghij... (60 chars)
Took: ~1 second. Suitable for admin accounts where login latency matters less.
Verify existing hash
Check password against stored hash.
Hash: $2b$12$abc...def
Candidate: MyStr0ng!Pass
✓ MATCH — password is correct
Verify wrong password
Wrong password for same hash.
Hash: $2b$12$abc...def
Candidate: WrongPassword
✗ NO MATCH
Same password, different hashes
Bcrypt generates a random salt.
Hash password: hunter2 twice
First hash: $2b$12$abc...def
Second hash: $2b$12$xyz...123
Different outputs because of the random salt. Both validate against password: hunter2.
Version variants
All variants work interchangeably.
$2a$12$...
$2b$12$...
$2y$12$...
All three prefixes are cross-compatible. Any bcrypt library accepts any of these. Generate $2b$ for new hashes (current standard).
Technical details
Bcrypt is a password-hashing function designed in 1999 by Niels Provos and David Mazières, based on the Blowfish cipher. It is adaptive — cost can be increased over years as computers get faster.
Bcrypt hash format:
```
$2b$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
```
Structure: $2b$rounds$<22-char salt><31-char hash>
- $2b$ — version prefix (2b is current; 2a, 2y also common)
- 12 — cost factor (rounds) — here, 2^12 = 4096 iterations
- Next 22 chars — salt (128-bit, Base64-encoded, modified alphabet)
- Final 31 chars — hash output (192-bit, modified Base64)
Total length: 60 characters (7 + 22 + 31).
Cost factor (rounds):
The exponent — actual iterations are 2^rounds.
- 4 rounds = 2^4 = 16 iterations (essentially instant)
- 10 rounds = 1024 iterations
- 12 rounds = 4096 iterations (current production default, ~250ms on modern hardware)
- 14 rounds = 16,384 iterations (~1 second)
- 15 rounds = 32,768 iterations (~2 seconds)
Increase rounds over time as hardware improves. Industry guideline: hash should take ~250ms (acceptable latency for a login).
Why bcrypt is slow (by design):
- Each iteration mixes salt with password using Blowfish key scheduling.
- Blowfish key schedule is expensive — designed for slow initialization.
- Memory access pattern is deliberately cache-unfriendly, limiting GPU acceleration.
Known limitations:
1. 72-byte password limit — bcrypt truncates passwords longer than 72 bytes. For very long passphrases, pre-hash with SHA-256 then bcrypt the hash.
2. Non-null-byte requirement — some legacy implementations fail on null bytes in passwords.
3. No forward secrecy — if algorithm is broken in future, all historical hashes are vulnerable.
Version prefixes:
- $2$ — original (deprecated).
- $2a$ — updated with UTF-8 fix (most common in older code).
- $2b$ — fixes a wrap-around bug in PHP implementation (current standard).
- $2y$ — PHP-specific (equivalent to 2b).
- $2x$ — PHP-specific broken version (do not use).
All are cross-compatible — implementations should accept all variants, ideally generate 2b.
Salt:
Bcrypt generates a random 128-bit salt per hash, included in the output. Same password produces different hashes — no rainbow tables possible. You never need to manage salt separately; it is embedded.
Password verification:
To verify: extract salt from stored hash, re-hash provided password with that salt, compare in constant time. If match, password is correct.
Bcrypt vs argon2 vs scrypt:
| Algorithm | Year | Memory-hard | Status |
|---|---|---|---|
| bcrypt | 1999 | Minimal | Secure, widely deployed |
| scrypt | 2009 | Yes | Secure, less common |
| argon2 | 2015 | Yes | Recommended for new systems |
Argon2 won the Password Hashing Competition (2015). It is memory-hard (resists GPU/ASIC attacks better) and has configurable memory cost. For new systems, use argon2. Bcrypt remains secure and widespread for legacy systems.
Common problems and solutions
72-byte password limit
Bcrypt silently truncates passwords over 72 bytes. Two long passphrases that share their first 72 bytes (hunter2test...verylongpassphrase and hunter2test...different, say) may hash to the same value. For long passphrases, pre-hash with SHA-256: bcrypt(sha256(password)).
Too few rounds
Rounds of 4-8 are not secure for production — too fast. An attacker with a GPU can crack millions per minute. Use 10+ for production, 12 for the modern standard, 14+ for high security.
Comparing hashes directly
Two hashes of the same password are different (random salt). Do NOT compare hashes — use bcrypt.compare(password, hash), which extracts the salt and rehashes the password for comparison.
Storing plaintext alongside hash
Some developers accidentally log the plaintext password while storing the hash. Never log passwords. Never store plaintext, even in secondary fields or audit logs.
Cross-library incompatibility
Python passlib, Node bcrypt, and PHP password_hash all produce compatible $2b$ hashes. But some older implementations have quirks. Test cross-platform before migration.
Keeping too-low rounds
10 rounds was secure in 2015 but compute has advanced. Check your rounds annually and upgrade. Re-hash on user login if rounds are below target.
Hashing on the client
Bcrypt is expensive. Hashing client-side slows login (seconds) and exposes the cost factor to attackers. Always hash on the server with controlled hardware.
Using bcrypt for fast hashing
Bcrypt is for passwords — slow by design. For data integrity hashes (content fingerprints, ETags), use SHA-256 (fast, not adaptive). Do not use bcrypt for non-password use cases.
Bcrypt Hash Generator — comparisons and alternatives
Bcrypt vs Plain SHA-256: SHA-256 is fast (~billions/sec GPU) — not suitable for password storage. Bcrypt is deliberately slow (~250ms per hash). For password storage, always use bcrypt/argon2/scrypt — never plain SHA.
Bcrypt vs Argon2: Argon2 won the Password Hashing Competition (2015). More memory-hard (resists GPU attacks better). Configurable memory cost. Use Argon2 for new systems; bcrypt for legacy. Both are secure.
Bcrypt vs Scrypt: Scrypt (2009) is memory-hard by design. Good security. Less common than bcrypt, which predates it. Practical difference: both are secure; use what your framework supports.
Bcrypt vs PBKDF2: PBKDF2 is another password-hashing algorithm. Widely deployed (iOS keychain, Android credentials). Not memory-hard — weaker against specialized hardware. Modern preference is bcrypt/argon2/scrypt over PBKDF2.
Bcrypt vs HMAC: HMAC (our HMAC Generator) is for message authentication — fast. Bcrypt is for password storage — slow. Different purposes; do not confuse.
Bcrypt Generator vs Password Strength Checker: Generator hashes passwords for storage. Our Password Strength Checker evaluates password strength. Use both: check strength before hashing.
Frequently asked questions about the Bcrypt Hash Generator
What is bcrypt?
Bcrypt is a password-hashing algorithm designed for password storage. Unlike fast hashes (SHA-256), bcrypt is intentionally slow (~100-500ms per hash) and adaptive (you can increase cost over time). This makes brute force attacks impractical. Widely used since 1999, still secure in 2026.
Why is bcrypt slow?
By design. Fast hashes (SHA-256 at ~200 billion hashes per second on GPU) make password brute force too easy. Bcrypt is slow (~250ms per hash at default cost) so attackers cannot try billions of passwords per second. The slowness is deliberate and essential for security.
What rounds should I use?
12 is the current production default in 2026. Higher rounds are more secure but slower. Practical rule: hash should take 250-500ms on your production hardware. Check your rounds annually and increase as hardware improves.
Is my password safe with this tool?
Yes. Hashing happens entirely in your browser. Passwords never upload. Safe for testing authentication code, verifying legacy hashes, and understanding bcrypt.
What is the 72-byte password limit?
Bcrypt silently truncates passwords longer than 72 bytes. Different long passwords may hash to the same value. For passphrases longer than 72 bytes, pre-hash with SHA-256 first, then bcrypt the hash. Most applications do this in wrapper code.
Can I verify a hash from another library?
Yes. Bcrypt is cross-compatible — hashes from Python passlib, Node bcrypt, PHP password_hash, Java jBCrypt, etc. all work with each other. Paste any bcrypt hash and password, verify in this tool.
What is the difference between $2a$, $2b$, $2y$?
Different bcrypt version prefixes: $2a$ is updated with UTF-8 fix (older). $2b$ is current standard (fixes PHP wrap-around bug). $2y$ is PHP-specific equivalent to $2b$. All cross-compatible; any bcrypt implementation handles all of them. Generate $2b$ for new hashes.
Should I use bcrypt or argon2 for new systems?
Argon2 is recommended for new systems — won the 2015 Password Hashing Competition. More memory-hard than bcrypt, better against specialized hardware. Bcrypt remains secure and widely deployed. Both are good; pick based on framework support and team expertise.
Why do same passwords produce different hashes?
Random salt. Bcrypt generates a new 128-bit salt each time you hash. Same password + different salt = different hash. This prevents rainbow table attacks (pre-computed hash tables). You never need to manage salt separately — it is embedded in the hash string.
Can I pre-compute bcrypt hashes?
Not usefully. The random salt means you cannot build a rainbow table against bcrypt — each password needs its own salt. Pre-computation only helps if you know the salt in advance, which attackers do not.
Additional resources
- Bcrypt Paper (1999) — Original bcrypt design by Provos and Mazières.
- Password Hashing Competition — 2015 competition that selected Argon2 as winner.
- OWASP Password Storage Cheat Sheet — Current best practices for password storage.
- Argon2 — Modern successor to bcrypt.
- Have I Been Pwned — Database of breached passwords.
Related tools
Base64 Encoder/Decoder
Encode and decode Base64 strings, files, and images instantly
Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512 hashes for text and files
HMAC Generator
Generate HMAC signatures (SHA-256, SHA-512) for API auth and webhook verification
JWT Decoder
Decode and inspect JSON Web Token (JWT) headers, payloads, and signatures
JWT Generator
Create signed JSON Web Tokens (JWT) with custom claims — HS256, RS256, ES256
Password Generator
Generate strong, cryptographically secure random passwords