Hash a password with bcrypt (choose cost factor 10–12) or verify a password against an existing bcrypt hash. Useful for development and testing. All processing runs in your browser — your password never leaves your device.
Verify password
Check if a password matches a bcrypt hash.
About Bcrypt
Bcrypt is a password-hashing algorithm designed to be slow so that brute-force attacks are impractical. It uses a cost factor (number of rounds) — higher cost means more secure but slower. This tool lets you generate bcrypt hashes and verify passwords against hashes, all in your browser. Use it for development, testing, or to check a hash format. For production applications, always hash on the server and never log or transmit plain passwords.
How to use
- Hash: Enter a password, choose cost (10–12), click Hash password. Copy the hash.
- Verify: Enter a password and the bcrypt hash, then click Verify to see if they match.
Frequently Asked Questions
What is bcrypt?
Bcrypt is a password-hashing function designed to be slow and resistant to brute force. It uses a cost factor (rounds) to control how long hashing takes. It is the standard choice for storing passwords in applications.
Is my password sent to a server?
No. Hashing and verification run entirely in your browser using bcryptjs. Your password never leaves your device.
What cost factor should I use?
Cost 10 is common and secure. Cost 11 or 12 is stronger but slower. For production, use at least 10; increase if your server can afford the CPU time.