BCrypt Generator

Generate and verify BCrypt password hashes

Generate secure BCrypt hashes with adjustable cost factor. BCrypt is the industry standard for password hashing, providing built-in salting and adaptive cost to resist brute-force attacks.

4 (fast) – 12 (secure)

Verify Hash

How BCrypt Works

BCrypt is a password hashing function based on the Blowfish cipher. It was designed by Niels Provos and David Mazières specifically for securely storing passwords.

The cost factor (rounds) determines how many iterations the algorithm runs: 2rounds times. With 10 rounds, the hash is computed 1,024 times. This makes brute-force attacks computationally expensive.

BCrypt automatically generates a random salt for each hash, ensuring that identical passwords produce different hashes. The salt is embedded in the output, so you don't need to store it separately.

The resulting hash is 60 characters long and contains all information needed for verification: the algorithm version, cost factor, salt, and the hash itself.

Frequently Asked Questions

What is BCrypt?

BCrypt is an adaptive password hashing algorithm designed specifically for securely storing passwords. It is based on the Blowfish cipher and automatically includes a salt to protect against rainbow table attacks.

What are BCrypt rounds?

The cost factor (rounds) determines how many times the hashing algorithm runs. With 10 rounds, that's 2^10 = 1024 iterations. Higher values mean more security but also longer computation time. 10-12 rounds are recommended.

Why is BCrypt better than SHA-256 for passwords?

BCrypt is intentionally slow and can be adapted to increasing computing power via the cost factor. SHA-256 is optimized for speed and therefore more vulnerable to brute-force attacks. BCrypt also integrates a salt automatically.

Are my passwords stored?

No. All calculations happen exclusively in your browser. No data is sent to any server.

What does the $2b$ format mean?

That is the BCrypt version identifier. $2b$ is the current version. The full hash format is: $2b$Rounds$22-character-Salt31-character-Hash.