Bcrypt Hash Generator

How to use this bcrypt tool

  1. Choose "Hash" to create a new bcrypt hash, or "Check" to verify a password against one.
  2. For hashing, type a password and pick a cost factor (10 is a good default).
  3. For checking, paste the password and the existing hash to compare.

Why is bcrypt slow on purpose?

Bcrypt's "cost factor" controls how many rounds of internal hashing it performs — deliberately slow, so that attackers trying millions of password guesses per second are significantly slowed down, unlike fast hashes like SHA-256 which are unsuitable for password storage.

What cost factor should I use?

10-12 is a common default for web applications today, balancing security with acceptable login speed. Higher values increase security but also server load — tune it to what your hardware can handle in under ~250ms.

Why does the hash look different every time I hash the same password?

Bcrypt automatically generates a random salt for every hash, embedded in the output itself — this is intentional and means two hashes of the same password will never match byte-for-byte, but both will still verify correctly.