bcrypt Hash Generator

Related Tools

How to use the bcrypt generator

• Paste the password to hash. (For test-fixture generation; never paste real production passwords into any browser tool.)
• Set the cost factor (4-12). 10 is the OWASP 2026 minimum for production; each step doubles compute time. Use 4 only for unit tests where you need fast hashing.
• Click Generate. The result is the standard modular-crypt format: `$2a$cost
  lt;22-char-base64-salt><31-char-base64-hash>` — exactly 60 characters total.
• Click Copy for the clipboard, or Compare to paste a candidate password and verify it against the generated hash (uses `bcryptjs.compare` internally).
• Performance varies by cost: cost 10 is around 100 ms per hash on baseline hardware; cost 12 is around 400 ms. The page stays responsive during hashing because bcryptjs yields control between rounds.

Common use cases

• Development password fixture generation. Seed your test database with known passwords + their bcrypt hashes so integration tests can authenticate as those users.
• Migrating from legacy hash formats. If your application stores SHA-256-of-password (or worse, MD5), the migration path is: on next successful login, re-hash with bcrypt and update the stored hash. The generator produces the format your migration code needs to compare against.
• Verifying server-side bcrypt output. During backend integration testing, confirm that your server's `bcrypt.hash(password, cost)` output matches what this generator produces for the same input — useful when wiring up a new auth service.
• Generating a test password for a stolen-database scenario. Demonstrate to stakeholders why bcrypt makes brute-force expensive: a cost-12 hash takes ~400 ms; an attacker testing 10^9 candidate passwords needs ~12 years on a single core.
• Educational comparison. Hash the same password with cost 4, 8, 10, 12 to see how much each cost step actually slows things down. The doubling is striking when measured.

Privacy and security

bcryptjs is a pure-JavaScript bcrypt implementation that runs entirely in your browser. The password, the random salt, and the resulting hash never leave the page. The salt comes from `crypto.getRandomValues` (CSPRNG), so each invocation produces a different output even for the same password — by design. Note: any browser-based hash tool is unsuitable for hashing **real** production passwords; use it for development fixtures, test data, and migration tooling, not for live user credentials.

Tips and pitfalls

• Cost factor matters. OWASP 2026 minimum is 10. Cost 12 is a reasonable target for new systems with modern hardware. Each step doubles compute time, so cost 13 is twice as slow as cost 12; pick the highest cost your latency budget tolerates.
• 72-byte input limit. Bcrypt processes only the first 72 bytes of the password. Passwords longer than 72 bytes are silently truncated (so two passwords sharing the first 72 bytes hash to the same output). To support arbitrarily long passwords, pre-hash with SHA-256 (or use argon2id, which has no length limit).
• Salt is embedded in the output. The 22-character salt segment between the cost factor and the hash is the bcrypt-encoded salt. You do not store it separately; the modular-crypt string contains everything needed to verify a candidate password later.
• Prefix variants `$2a / `$2b / `$2x / `$2y . All four are bcrypt; the differences are historical implementation details (a buffer-overrun bug in the original C implementation, a sign-extension bug in PHP, etc.). All major libraries verify any prefix correctly. New hashes typically use `$2b .
• bcrypt vs scrypt vs argon2id. Argon2id (the 2015 password-hashing competition winner) is the modern best-of-breed; it is memory-hard, which makes GPU and ASIC attacks more expensive than bcrypt's CPU-bound work. bcrypt remains acceptable per OWASP 2026; argon2id is the preferred choice for new systems if your stack supports it.