Free online BCrypt hash generator using bcryptjs library. Hash passwords with configurable salt rounds and verify passwords against existing hashes. Pure frontend, no passwords uploaded.
Enter Content:Type or paste the content you want to process.
Configure Options:Adjust settings as needed.
Get Results:Copy the result once done. All processing is local - no data is uploaded.
BCrypt is a password hashing function based on the Blowfish cipher, designed by Niels Provos and David Mazieres in 1999. It features built-in salting and an adaptive cost factor, protecting against brute-force and rainbow table attacks. BCrypt is deliberately slow, making password cracking impractical even if the database is leaked.
Salt rounds is BCrypt's computational cost factor, defaulting to 10. Each increment doubles computation time. 10 rounds ~0.1s, 12 rounds ~0.4s, 15 rounds ~3s. Recommendation: 10-12 rounds for standard apps, 12-15 for high-security needs.
BCrypt hash format: $2b$[cost]$[22-char salt][31-char hash]. Example: $2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy. It includes version ($2b$), cost factor (10), salt (22 chars), and hash (31 chars), totaling 60 characters.
No. BCrypt and SHA-256 serve different purposes: BCrypt is for password storage (deliberately slow to prevent brute-force); SHA-256 is for data integrity and digital signatures (fast calculation). Use BCrypt for password storage, SHA-256 for data verification.
No. This tool uses the bcryptjs library to perform all hashing and verification locally in your browser. Your passwords and generated hashes never leave your device.
Designed by Niels Provos and David Mazières (USENIX 1999), bcrypt is recommended by NIST SP 800-63B for password storage. Bcrypt automatically includes a salt and uses an adjustable cost factor to control computation time. As hardware improves, simply increasing the cost factor maintains security — something fast hashes like MD5 and SHA-x cannot do.