Bcrypt Hash Generator & Verifier - Client-Side Password Hashing
Generate bcrypt password hashes and verify passwords against existing hashes entirely in the browser. Supports cost factors 4–14. No data is sent to any server.
Sample salt: $2b$10$M4VpSSGh.Npd/4x6XOy6du
How Bcrypt Works
Bcrypt is based on the Blowfish block cipher. During hashing, a random 16-byte salt is generated and the Expensive Key Schedule (EKS) Blowfish setup is run for 2^cost rounds. The "OrpheanBeholderScryDoubt" magic string is then encrypted 64 times to produce the final 24-byte hash.
Choosing a Cost Factor
NIST recommends a cost factor that causes hashing to take at least 100 ms on current hardware. A cost of 10–12 is typical for most applications. Increase it as hardware improves.
Cost factor benchmark
The table below shows approximate hashing times on a modern server CPU (single-threaded). Actual times vary by hardware; benchmark on your own server before choosing a value for production.
| Cost factor | Iterations (2^cost) | Approx. time (modern server) | Recommendation |
|---|---|---|---|
| 10 | 1,024 | ~100 ms | Minimum recommended for new apps |
| 11 | 2,048 | ~200 ms | Good default for most web applications |
| 12 | 4,096 | ~400 ms | Higher security; acceptable for login flows |
| 13 | 8,192 | ~800 ms | Use for sensitive data; may impact UX on slow servers |
| 14 | 16,384 | ~1.6 s | Very high security; consider async hashing |
Password storage security
Never store plaintext passwords. When a user sets a password, bcrypt hashes it with a random salt before storing. Each bcrypt hash is unique even for identical passwords, so attackers cannot use a single precomputed table (rainbow table) to crack multiple accounts at once. The one-way nature of the hash means the original password cannot be retrieved from the stored value.
Modern alternatives worth considering:
- Argon2id (winner of the Password Hashing Competition): memory-hard; the current best-practice recommendation for new systems.
- scrypt: also memory-hard; widely supported; used by Litecoin and other systems.
- PBKDF2: FIPS-approved; suitable when regulatory compliance requires it.
Bcrypt hash format
A bcrypt output string looks like:
$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/lfkpwkE
| Segment | Value | Meaning |
|---|---|---|
| $2b$ | Algorithm version | 2b is the current recommended variant |
| 12$ | Cost factor | 2¹² = 4,096 rounds |
| Next 22 chars | Salt | Random 128-bit salt, base64 encoded |
| Remaining 31 chars | Hash | 184-bit output, base64 encoded |
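As an added example (not the tool's own code), the following parser splits a 60-character bcrypt string into the segments listed in the table above, decodes the salt and hash fields from bcrypt's own base64 alphabet, and, following the cost-factor advice above, flags stored hashes whose cost is below a policy minimum so they can be re-hashed on the user's next successful login. The sample string reuses the tool's sample salt; its 31 hash characters are a constructed placeholder, not a real digest.

```javascript
// bcrypt's base64 alphabet differs from RFC 4648 and uses no padding; the last
// character of each field carries only the leftover 4 (salt) or 2 (hash) bits.
const BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

function bcryptBase64Decode(text, byteLen) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of text) {
    const v = BCRYPT_B64.indexOf(ch);
    if (v < 0) throw new Error(`invalid bcrypt base64 character: ${ch}`);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1;     // keep only the not-yet-emitted low bits
    }
  }
  if (out.length !== byteLen) throw new Error(`decoded ${out.length} bytes, expected ${byteLen}`);
  return Uint8Array.from(out);
}

// Layout: "$" version "$" two-digit cost "$" 22-char salt followed by 31-char hash = 60 chars.
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hashString) {
  const m = BCRYPT_RE.exec(hashString);
  if (!m) throw new Error("not a well-formed bcrypt hash (expected 60 chars: $2x$NN$ + 22 salt + 31 hash)");
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error(`cost ${cost} is outside bcrypt's valid range 4..31`);
  return {
    version: m[1],
    cost,
    rounds: 2 ** cost,                         // EKS Blowfish key-schedule iterations
    salt: m[3],
    hash: m[4],
    saltBytes: bcryptBase64Decode(m[3], 16),   // 128-bit salt
    hashBytes: bcryptBase64Decode(m[4], 23),   // 184-bit output
  };
}

// Policy check for "increase the cost as hardware improves": a stored hash below
// minCost (or not the 2b variant) should be replaced the next time the password is verified.
function needsRehash(hashString, minCost) {
  const { version, cost } = parseBcryptHash(hashString);
  return version !== "2b" || cost < minCost;
}

// Constructed sample: the tool's sample salt plus 31 placeholder hash characters (not a real digest).
const SAMPLE = "$2b$10$M4VpSSGh.Npd/4x6XOy6du" + "abcdefghijklmnopqrstuvwxyzABCDE";
console.log(parseBcryptHash(SAMPLE).rounds, needsRehash(SAMPLE, 12)); // 1024 true
```

The parser checks structure only; verifying a password against the hash still requires a bcrypt implementation.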