Bcrypt Hash Generator
Generate bcrypt hashes from plain text passwords with configurable cost factor. Verify passwords against existing bcrypt hashes. Client-side only.
Generate Hash
Verify Hash
Why use Bcrypt for password hashing?
Unlike fast hash functions such as SHA-256 or MD5, bcrypt is intentionally slow — making brute-force attacks orders of magnitude harder. Its adaptive cost factor lets you increase computation time as hardware gets faster, future-proofing your password storage. Always hash passwords server-side with bcrypt (or argon2) rather than storing plain text or fast hashes. Pair it with our password generator and strength checker for a complete security workflow.
Intentionally slow
Bcrypt is designed to be computationally expensive, meaning attackers need millions of times more resources to crack hashes.
Automatic salting
Every bcrypt hash includes a unique random salt, ensuring two identical passwords always produce different hashes.
Adjustable cost
The cost factor (4–31) lets you tune compute time as hardware improves, keeping your hashes resistant to future attacks.
Bcrypt cost factor vs time & security
The cost factor doubles the computation time with each increment. Choose the highest value your login response time can tolerate. Explore more in the security tools category.
| Cost factor | Hash iterations | Approx. time (modern CPU) | Recommended for |
|---|---|---|---|
| 4 | 16 | <1ms | Testing only — too fast for production |
| 10 | 1,024 | ~100ms | General web applications (bcrypt default) |
| 12 | 4,096 | ~400ms | High-value accounts (banking, healthcare) |
| 14 | 16,384 | ~1.5s | Maximum practical value for interactive logins |