Bcrypt
HashingHash a password with bcrypt and verify against an existing hash.
What this tool helps with
bcrypt is a deliberately slow, salted password hash designed to make brute-force attacks expensive even on modern hardware. Each hash contains its cost factor and salt, so verifying a password is self-contained — there's no separate salt column. This tool generates a bcrypt hash for a chosen cost and verifies a candidate password against an existing hash, in your browser, so the password and the hash never leave the page.
How to use Bcrypt
- Open the Bcrypt page and paste, type, or generate the bcrypt input you want to work with.
- Pick the options you need so the tool can hash a password with bcrypt and verify against an existing hash
- Copy the hash result with one click and use it in your next step — terminal, editor, ticket, or anywhere else you need it.
Common uses
- Reach for Bcrypt when you need to hash a password with bcrypt and verify against an existing hash during debugging, code review, or content preparation.
- Skip installing a desktop bcrypt app — open this hashing utility on a shared machine, an iPad, or a colleague's laptop and it just works.
- Bookmark or share the page when you and your team keep coming back to the same bcrypt, hash, password, and verify workflow.
FAQ
What cost factor should I use?
Pick a cost that takes roughly 250ms on your verification server. That's slow enough to frustrate an attacker, fast enough for users not to notice. As of 2026 that's around cost 12; reassess as hardware improves.
Why does the same password produce different hashes?
Each hash is computed with a fresh random salt baked into the output. Two hashes of the same password are intentionally different — and both correctly verify against that password.
Should I still use bcrypt or move to Argon2?
Argon2 is the modern recommendation for new systems because it's also memory-hard. bcrypt remains a sound choice and is still ubiquitous; both are vastly better than a plain SHA. Don't migrate just for the sake of it.