Bcrypt Hash & Verify
Developer
Bcrypt is the de-facto password hashing function for web apps — slow by design and salt-included. This tool generates bcrypt hashes with a cost factor between 4 and 14 (each step doubles the work) and verifies any existing hash against a candidate password. Uses `bcryptjs` in your browser; the password never leaves the page.
—
Output
—
How to use
- Hash mode: type the password, choose cost (10 is the modern default), click generate.
- Verify mode: paste a hash starting with `$2a$`, `$2b$`, or `$2y$`, type the candidate password, click verify.
- Copy the hash.
Frequently asked questions
- Which cost factor should I use?
- 10 is the modern default (~100ms on a server CPU). Use 12 for high-value secrets; 14 for offline-only secrets. Below 8 is too fast in 2026.
- Why is cost 14 slow in my browser?
- Each cost increment doubles the work. Cost 14 takes ~1–4s on a typical laptop — that's the point.
- What's the difference between $2a$, $2b$, $2y$?
- Format prefixes from different bcrypt implementations. All modern libraries verify all three interchangeably.
- Is bcrypt still recommended in 2026?
- Yes, with cost ≥10. Argon2id is preferred for new projects but bcrypt remains widely supported and safe at appropriate cost.
Related tools
JWT Decoder
Decode a JSON Web Token to inspect its header, claims, and expiration.
Developer00
UUID Generator
Generate random version-4 UUIDs in bulk, with copy.
Developer00
Hash Generator (SHA)
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text.
Developer00
URL Encoder / Decoder
Percent-encode text for URLs, or decode encoded URLs back to text.
Developer00
Base64 Encoder / Decoder
Encode text to Base64 or decode Base64 back to text, instantly.
Developer00
JSON Formatter & Validator
Format, beautify, minify, and validate JSON right in your browser.
Developer00