bcrypt
Bcrypt hash & compare
Try it
Hash passwords with bcrypt or verify a password against a hash — runs locally in your browser.
Loading…
Guide
How to use this tool, examples, and related tips.
How to Use the Bcrypt Hash & Compare Tool
To hash: Enter a plaintext password, set a cost factor (work factor), and click Hash. Copy the resulting bcrypt hash for storage.
To compare: Enter the plaintext password and the stored bcrypt hash, then click Compare. The tool returns whether they match.
What Is Bcrypt?
Bcrypt is an adaptive password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. Unlike general-purpose hash functions like SHA-256, bcrypt is deliberately slow — its cost factor (work factor) controls how computationally expensive the hashing operation is. As hardware gets faster, you can increase the cost factor to keep the hashing time constant, making brute-force attacks progressively harder. Bcrypt also automatically generates and embeds a salt, preventing precomputed rainbow table attacks. It is one of the most widely recommended algorithms for password storage alongside Argon2 and scrypt.
When to Use This Tool
Generating test password hashes — Create bcrypt hashes for use in development databases, test fixtures, or seed scripts without running application code.
Verifying a hash manually — Confirm that a known password matches a stored bcrypt hash during debugging or account recovery investigation.
Learning bcrypt — Experiment with different cost factors to understand the relationship between work factor and computation time.
Auditing stored hashes — Inspect the cost factor embedded in a bcrypt hash string to check whether your application is using an adequate work factor.
Related Tools
- Bcrypt generator
- Bcrypt checker
- Password generator
- SHA-256 hash generator
- HMAC-SHA256 generator
FAQ
Answers about this tool and how your data is handled.
What cost factor should I use?
A cost factor of 12 is a widely cited baseline for 2024 hardware. The goal is a hashing time of roughly 100–300ms per operation on your server hardware. Increase the factor as hardware improves.
Is this tool safe for hashing real passwords?
The tool runs entirely in your browser — nothing is sent to a server. That said, treat any tool that handles real credentials with caution. For production password hashing, implement bcrypt server-side in your application code.
Why is bcrypt better than SHA-256 for passwords?
SHA-256 is fast by design — an attacker can compute billions of SHA-256 hashes per second with commodity hardware. Bcrypt is intentionally slow and includes a built-in salt, making brute-force and rainbow table attacks orders of magnitude harder.
What does the bcrypt hash string contain?
The full bcrypt hash string encodes the algorithm identifier, cost factor, salt (22 characters), and hash (31 characters) in a single string. You store the entire string — not just the hash component.
Does bcrypt have a maximum password length?
Yes. Most bcrypt implementations truncate input at 72 bytes. Passwords longer than 72 bytes will produce the same hash as the first 72 bytes. If supporting long passphrases, consider pre-hashing with SHA-256 before bcrypt — though this requires careful implementation.
関連ツール
同じカテゴリを優先し、その他のユーティリティを表示します。
- Bcrypt checkerVerify a password against a bcrypt hash.bcrypt
- Bcrypt generatorGenerate bcrypt hashes with configurable cost.bcrypt
- Case converterlower, UPPER, camelCase, PascalCase, snake_case, CONSTANT_CASE, Train-Case.テキスト
- HEX to textDecode hex (with or without separators) back to UTF-8 text.テキスト
- Line sorterSort, reverse, shuffle lines; optional line numbers — all client-side.テキスト
- Lorem ipsum generatorGenerate placeholder paragraphs with adjustable length.テキスト