Bcrypt Hash Generator
How to use this bcrypt tool
- Choose "Hash" to create a new bcrypt hash, or "Check" to verify a password against one.
- For hashing, type a password and pick a cost factor (10 is a good default).
- For checking, paste the password and the existing hash to compare.
Why is bcrypt slow on purpose?
Bcrypt's "cost factor" controls how many rounds of internal hashing it performs — deliberately slow, so that attackers trying millions of password guesses per second are significantly slowed down, unlike fast hashes like SHA-256 which are unsuitable for password storage.
What cost factor should I use?
10-12 is a common default for web applications today, balancing security with acceptable login speed. Higher values increase security but also server load — tune it to what your hardware can handle in under ~250ms.
Why does the hash look different every time I hash the same password?
Bcrypt automatically generates a random salt for every hash, embedded in the output itself — this is intentional and means two hashes of the same password will never match byte-for-byte, but both will still verify correctly.