Bcrypt Hash & Verify
Generate and verify bcrypt password hashes.
How to Use
To hash a password, enter it in the input field, select a cost factor (work factor), and click Hash. To verify a password, enter the plain text password and the bcrypt hash, then click Verify. The tool will tell you whether the password matches the hash.
Common Use Cases
- Generating bcrypt hashes for storing passwords securely in a database
- Verifying that a plain text password matches a stored bcrypt hash during debugging
- Testing different bcrypt cost factors to balance security and performance
- Creating hashed passwords for database seed files or initial admin accounts
Frequently Asked Questions
What cost factor should I use for bcrypt?
A cost factor of 10-12 is common for web applications. Higher values are more secure but slower. The cost factor is exponential: cost 12 takes roughly twice as long as cost 11. Target ~250ms per hash on your server hardware.
Why does bcrypt produce different hashes for the same password?
Bcrypt automatically generates a random salt for each hash. This means the same password produces a different hash every time, which prevents rainbow table attacks and makes each hash unique.
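The cost factor and the random salt from the two answers above are both stored inside the hash string, which is how verification can recompute the hash. The Python sketch below is an added example, not code from this tool: it parses that string, flags hashes stored below a target cost, and applies the doubling rule to a timing measurement. The function names, sample hash strings and the 60 ms measurement are constructed for illustration.

```python
import re
from typing import NamedTuple

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest> (bcrypt's own base64 alphabet)
_BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

class BcryptParts(NamedTuple):
    version: str
    cost: int
    salt: str
    digest: str

def parse_bcrypt(hash_str: str) -> BcryptParts:
    """Split a bcrypt hash string into its fields; raise ValueError if malformed."""
    m = _BCRYPT_RE.fullmatch(hash_str)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside bcrypt's 4..31 range")
    return BcryptParts(m.group(1), cost, m.group(3), m.group(4))

def needs_rehash(hash_str: str, target_cost: int) -> bool:
    """True when a stored hash uses a lower cost than the current policy."""
    return parse_bcrypt(hash_str).cost < target_cost

def estimate_ms(measured_ms: float, measured_cost: int, cost: int) -> float:
    """Each +1 in cost doubles the work, so scale the measurement by 2**delta."""
    return measured_ms * 2.0 ** (cost - measured_cost)

def highest_cost_within(measured_ms: float, measured_cost: int, budget_ms: float = 250.0) -> int:
    """Largest cost whose estimated time stays within the per-hash budget."""
    cost = 4
    while cost < 31 and estimate_ms(measured_ms, measured_cost, cost + 1) <= budget_ms:
        cost += 1
    return cost

# Constructed, structurally valid strings (not digests of any real password).
OLD_HASH = "$2b$10$" + "A" * 22 + "B" * 31
NEW_HASH = "$2b$12$" + "C" * 22 + "D" * 31

if __name__ == "__main__":
    for h in (OLD_HASH, NEW_HASH):
        p = parse_bcrypt(h)
        print(p.version, p.cost, p.salt, "rehash" if needs_rehash(h, 12) else "ok")
    # Constructed measurement: 60 ms per hash at cost 10 on the target server.
    print(highest_cost_within(60.0, 10))
```

A login handler can call `needs_rehash` after a successful verification and re-hash the password at the current cost while the plain text is still in memory.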
Is bcrypt still a good choice for password hashing?
Yes. Bcrypt remains a solid choice with decades of real-world use. However, OWASP now recommends Argon2id for new projects, as it also resists GPU-based attacks.