Free online Bcrypt password hash encryption and verification tool, supports configurable salt rounds, secure and reliable, calculated locally in browser, not uploaded to server, protects your password security
Select "Encrypt" or "Verify" mode on the tool page. Encrypt mode is for generating bcrypt hash, verify mode is for checking if password matches.
Encrypt mode: Enter password and select salt rounds; Verify mode: Enter password and corresponding bcrypt hash value.
Click corresponding button to get result. Encryption result can be copied with one click, verification result will show match or no match.
Standard way for websites and applications to store user passwords
Verify if password matches when user logs in
Enterprise user system password secure storage
Developers testing bcrypt encryption functionality
Learn password hashing and encryption knowledge
Operations personnel debugging user password issues
Bcrypt is a password hashing function based on Blowfish cipher, designed by Niels Provos and David Mazières in 1999. Its main feature is being an adaptive hash function that can slow down computation by increasing iteration count, effectively resisting brute force attacks. Bcrypt also automatically generates random salt value for each password, preventing rainbow table attacks.
Salt rounds (cost factor) determines the iteration count for bcrypt hash computation, higher rounds means slower computation, harder to crack. Rounds is exponential, for example rounds 10 means 2^10=1024 iterations. Generally recommend using 10-12 rounds, too high rounds will cause long computation time, affecting user experience.
Bcrypt hash format: $2a$xx$yyyyyyyyyyyyyyyyyyyyyyzzzzzzzzzzzzzzzzzzzzzzzzzzz, where xx is salt rounds, yyyyyyyyyyyyyyyyyyyyyy is 22-character salt value, zzzzzzzzzzzzzzzzzzzzzzzzzzz is 31-character hash value. Total hash length is 60 characters.