Bcrypt Generator

Hash passwords with bcrypt in your browser. Choose cost factor, generate hashes, and verify passwords. Runs locally — nothing uploaded.

Higher = slower = more secure

How to use

  1. Enter the password to hash, adjust the cost factor (10 recommended), and click "Generate hash".
  2. Copy the resulting bcrypt hash to use in your application.
  3. To verify: switch to the Verify tab, enter the plaintext password and the stored hash, and click "Verify".

Frequently asked questions

What is bcrypt and why is it used for passwords?

Bcrypt is intentionally slow — the cost factor controls how many computation rounds are needed. This makes brute-force attacks impractical. It also salts each hash automatically, preventing rainbow table attacks.

What cost factor should I use?

Use 10–12 for most web applications. Factor 10 takes ~100ms per hash — slow enough to deter attackers, fast enough for login forms.

Does bcrypt hash the same password differently each time?

Yes. A random salt is generated each time and embedded in the hash string. That's why the verify function can reconstruct the salt from the stored hash.

Is it safe to run bcrypt in a browser?

For testing and learning, yes — bcryptjs is pure JavaScript, no server calls. For production, always hash passwords server-side, never in the client.

Last updated

Powered by maratool