Bcrypt Hash & Verify

Generate a bcrypt password hash, or verify a password against one.

Computed on the server and never stored. Don’t hash a password you actively use.

Frequently asked questions

What is bcrypt?

Bcrypt is a password-hashing function designed to be deliberately slow, which makes brute-force attacks expensive. It automatically includes a random salt, so identical passwords produce different hashes.

What is the cost factor?

The cost (or work factor) controls how slow the hash is. Each step up roughly doubles the time. A cost of 10–12 is a common balance between security and speed.

How do I verify a password?

Switch to verify mode, paste the password and the stored bcrypt hash, and the tool reports whether they match — the same check your application performs at login.

Is it safe to hash a real password here?

The hash is computed on our server over HTTPS and never stored, but for a password you actually use, prefer generating it in your own environment.