Bcrypt Tool

Generate bcrypt password hashes or verify plaintext against stored hashes. Ideal for learning auth flows and local login testing.

Privacy: processed locally, never uploaded.

↓ Paste in the input area below to see results instantly

Password
Cost rounds

Generate bcrypt password hashes or verify plaintext against stored hashes. Ideal for learning auth flows and local login testing.

Quick start

  1. Hash mode

    Enter password, pick cost (default 10), generate.

  2. Verify mode

    Enter plaintext and stored $2a$… hash, then verify.

  3. Copy hash

    Copy hash into test fixtures.

Why bcrypt

Bcrypt is built for passwords: automatic salting and slow hashing resist brute force.

Choosing cost rounds

10 is a common starting point. Higher is safer but slower at login. Tune for your server in production.

Typical Workflow

During user registration, the frontend sends the password to the backend, which generates a Bcrypt hash and stores it. The plaintext password is never retained. At login, the backend hashes the input password with the same cost parameter and compares it with the stored hash. A match means successful authentication.

During development, use this tool to generate test hashes mimicking database storage. When testing login logic, verify if different password combinations correctly trigger match/mismatch results. Local processing prevents exposure of real user data.

Examples

Hash example

Input

my-password

Each hash differs (random salt) but all verify the same password.

FAQ

Same as SHA-256 for passwords?

No. SHA is too fast and unsalted; use bcrypt, Argon2, etc. for passwords.

Slow verify?

Yes. Bcrypt is intentionally slow for security.

What components are in a Bcrypt hash?

A standard Bcrypt hash looks like '$2a$12$N9qo8uLOickgx2ZMRZoMy...' where: '2a' is the version, '12' is the cost parameter, 'N9qo8uLOickgx2ZMRZoMy' is the 22-char salt, and the remainder is the actual hash. Our tool automatically parses these for verification.