Quick start
-
Hash mode
Enter password, pick cost (default 10), generate.
-
Verify mode
Enter plaintext and stored $2a$… hash, then verify.
-
Copy hash
Copy hash into test fixtures.
Generate bcrypt password hashes or verify plaintext against stored hashes. Ideal for learning auth flows and local login testing.
Privacy: processed locally, never uploaded.
↓ Paste in the input area below to see results instantly
Generate bcrypt password hashes or verify plaintext against stored hashes. Ideal for learning auth flows and local login testing.
Hash mode
Enter password, pick cost (default 10), generate.
Verify mode
Enter plaintext and stored $2a$… hash, then verify.
Copy hash
Copy hash into test fixtures.
Bcrypt is built for passwords: automatic salting and slow hashing resist brute force.
10 is a common starting point. Higher is safer but slower at login. Tune for your server in production.
During user registration, the frontend sends the password to the backend, which generates a Bcrypt hash and stores it. The plaintext password is never retained. At login, the backend hashes the input password with the same cost parameter and compares it with the stored hash. A match means successful authentication.
During development, use this tool to generate test hashes mimicking database storage. When testing login logic, verify if different password combinations correctly trigger match/mismatch results. Local processing prevents exposure of real user data.
Input
my-password
Each hash differs (random salt) but all verify the same password.
No. SHA is too fast and unsalted; use bcrypt, Argon2, etc. for passwords.
Yes. Bcrypt is intentionally slow for security.
A standard Bcrypt hash looks like '$2a$12$N9qo8uLOickgx2ZMRZoMy...' where: '2a' is the version, '12' is the cost parameter, 'N9qo8uLOickgx2ZMRZoMy' is the 22-char salt, and the remainder is the actual hash. Our tool automatically parses these for verification.