Bcrypt Hash Generator & Verifier

Generate and verify bcrypt password hashes in your browser. The output is the standard $2[abxy]$rounds$<22-char-salt><31-char-hash> string — compatible with PHP password_hash, Node bcrypt, Python bcrypt, Go golang.org/x/crypto/bcrypt, and jBCrypt. Cost 4–14 slider, random or typed salt, bulk mode, copy as TSV or JSON. Pure client-side, no upload, no tracking.

ms

Cost factor table

bcrypt's cost is 2N key-stretching rounds. Doubling the cost doubles the time per hash. The right cost is the highest one that still keeps your login latency under ~250 ms on a single thread.

Cost Rounds (2N) ~ms on a mid laptop Local benchmark Recommendation
Loading the table…

The "Local benchmark" column runs a single cost-N hash in your browser and reports the time. Refresh after upgrading your device if you want a fresh number.

How bcrypt works

bcrypt is a password-hashing function designed by Niels Provos and David Mazières in 1999. It has been the workhorse of password storage in PHP, Node, Python, Ruby, and Go for two decades. Two properties make it survive the GPU era:

1. Salt
The 16-byte salt is encoded in the hash itself, so two users with the same password get different stored strings. Pre-computed rainbow tables are useless.
2. Work factor
The cost N means 2N iterations of the EksBlowfish key-stretching schedule. A single bcrypt hash at cost 12 is ~200 ms on a laptop and ~2 ms on a GPU — the work factor bends the cost ratio from 1000× (SHA-256) down to ~10×.
The output string
$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
The four parts: $2a$ = algorithm marker, 10$ = cost, 22-char base64 salt, 31-char base64 hash. The total is always 60 characters.
Versions: 2a, 2b, 2y
2a is the original 1999 spec and the broadest compatibility target.
2b fixed a 2011 bug in the OpenBSD reference implementation that mishandled 8-bit characters; emitted by modern PHP and Node.
2y is the same fix as 2b but for the jBCrypt Java reference; emitted by Python and Go's bcrypt package.
What bcrypt is not
Not SHA-256, not PBKDF2, not Argon2, not scrypt. Those are different algorithms with different envelopes ($argon2id$…, $scrypt$…). The hash-identifier tool can tell them apart.