Bcrypt Hash & Verify
Hash passwords with bcrypt and verify hashes — using bcryptjs, entirely in your browser.
About this tool
Bcrypt is the industry-standard password hashing algorithm for web applications. Unlike SHA-256 or MD5, which are fast to compute and therefore cheap to brute-force, bcrypt is intentionally slow: its configurable cost factor sets the number of key-expansion rounds as a power of two. A cost factor of 10 means 2^10 = 1,024 rounds; factor 12 means 4,096 rounds.
This tool uses the bcryptjs library — a pure-JavaScript implementation that runs in the browser without any server. You can hash a password and get the bcrypt string (which includes the salt and cost factor), or verify whether a plain-text password matches a stored hash. The same algorithm is used by password_hash() in PHP, BCrypt in Spring Security, and the bcrypt package in Node.js.
Note: bcrypt is slow by design. Higher cost factors (12–14) are more secure but take longer to compute. Factor 10 is the practical minimum for production; factor 12+ is recommended for modern hardware.
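Because the bcrypt string carries its own cost factor and salt, a stored hash can be audited without rehashing anything. The following is an added example, not part of this tool or of bcryptjs: it parses a stored string and flags hashes below a minimum cost so they can be re-hashed after the user's next successful login. The function names, the default `minCost` of 12 (taken from the recommendation above) and the sample strings are assumptions made for illustration.

```javascript
// Added example: inspect a stored bcrypt string without hashing anything.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char hash>,
// encoded with bcrypt's own base64 alphabet (./A-Za-z0-9).
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Hypothetical helper: returns the parsed fields, or null if malformed.
function parseBcrypt(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost, rounds: 2 ** cost, salt: m[3], hash: m[4] };
}

// Hypothetical policy check, meant to run after a password has verified:
// "rehash" means hash the just-verified password again at the higher cost.
function rehashDecision(stored, minCost = 12) {
  const p = parseBcrypt(stored);
  if (!p) return { action: "reject", reason: "not a bcrypt string" };
  if (p.cost < minCost) {
    return {
      action: "rehash",
      reason: `cost ${p.cost} (${p.rounds} rounds) is below ${minCost}`,
    };
  }
  return { action: "keep", reason: `cost ${p.cost} meets policy` };
}

// Constructed sample values: correctly shaped, but not real hashes.
const SALT = "abcdefghijklmnopqrstuv";          // 22 characters
const HASH = "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"; // 31 characters
const SAMPLES = [
  `$2b$10$${SALT}${HASH}`, // production minimum named above
  `$2b$12$${SALT}${HASH}`, // recommended cost
  "5e884898da28047151d0e56f8dc62927", // constructed hex digest, not bcrypt
];

for (const s of SAMPLES) {
  const d = rehashDecision(s);
  console.log(`${d.action.padEnd(6)} ${d.reason}`);
}
```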
Frequently asked questions
Why is bcrypt preferred over SHA for passwords?
What does the cost factor mean?
Does the tool send my password anywhere?