Bcrypt Generator & Verifier
Hash a password with bcrypt — adjustable cost factor — or verify one against an existing hash. Runs via bcryptjs in your browser; the password never leaves the page.
Each step doubles the work (210 rounds). 10–12 is typical; higher is safer but slower — drag it after generating and the hash updates.
Heads up: bcrypt only hashes the first 72 bytes — anything past that is ignored.
It's deliberately slow and salted, so brute-forcing stolen hashes stays expensive — the opposite of MD5/SHA.
bcrypt is a password-hashing function built to be slow. Where MD5 and SHA-256 are fast — great for checksums, terrible for passwords — bcrypt's cost factor sets how many rounds (2cost) it runs, so you can keep it expensive enough that brute-forcing a leaked hash stays impractical. It also folds a random salt into every hash, so identical passwords produce different hashes and rainbow tables don't help.
A bcrypt hash looks like $2b$10$…: the algorithm version, the cost, then the salt and digest. Generate hashes a password at your chosen cost; Verify checks a password against an existing hash (handy for a .htpasswd line or a config value). Everything runs locally through bcryptjs — your password is never sent anywhere. Note bcrypt only considers the first 72 bytes of the input.