Bcrypt Generator & Verifier

Hash passwords with bcrypt or verify a plain-text password against an existing hash — all in your browser.

Last updated:

10

Higher is more secure but slower. 10 is the common default.

What Is Bcrypt?

Bcrypt is a password-hashing function designed by Niels Provos and David Mazières in 1999, based on the Blowfish block cipher. Unlike general-purpose hash algorithms such as SHA-256, bcrypt was purpose-built for storing credentials. It is deliberately slow, which makes brute-force attacks orders of magnitude more expensive than they would be against a fast hash.

Two properties make bcrypt especially well-suited for password storage. First, it includes a built-in random salt, so two users who choose the same password still end up with completely different hashes. Second, it has an adaptive cost factor that lets you increase the computational work required as hardware gets faster, keeping the hash future-proof without changing any application code.

Anatomy of a Bcrypt Hash

A bcrypt hash is a single 60-character string that encodes everything needed to verify a password. It follows the Modular Crypt Format and looks like this:

$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

  • $2b$ — the algorithm version identifier. Older hashes may show $2a$ or $2y$. The 2b revision is the current recommended version and fixes edge-case bugs present in 2a.
  • 10 — the cost factor (also called "work factor" or "log rounds"). The algorithm performs 2cost iterations internally, so a cost of 10 means 1,024 iterations.
  • N9qo8uLOickgx2ZMRZoMye — the first 22 characters after the cost factor are a Base64-encoded 128-bit salt, generated at hash time from a cryptographically secure random source.
  • IjZAgcfl7p92ldGxad68LJZdL17lhWy — the remaining 31 characters are the Base64-encoded 184-bit hash digest itself.

Because the salt and parameters are embedded in the output, you never need to store them separately. Any bcrypt library can take the hash string and a candidate password and verify the match.

Choosing a Cost Factor

The cost factor is the single most important tuning parameter. Each increment doubles the time needed to compute a hash. On typical server hardware in 2025, approximate timings look like this:

  • Cost 8 — roughly 40 ms. Fast, but provides less protection against offline attacks.
  • Cost 10 — roughly 130 ms. The most common default and a reasonable baseline for web applications.
  • Cost 12 — roughly 500 ms. Good for high-security systems where a half-second login delay is acceptable.
  • Cost 14+ — over 2 seconds. Generally too slow for interactive logins, but may suit background tasks like key derivation.

The goal is to pick the highest cost your application can tolerate without degrading the user experience. For most web applications, a cost factor between 10 and 12 strikes the right balance between security and response-time latency. Benchmark on your production hardware and re-evaluate every year or two as CPUs and GPUs improve.

Bcrypt vs Scrypt vs Argon2

Bcrypt is not the only password-hashing algorithm available. Two newer alternatives are worth knowing about:

  • Scrypt — introduced in 2009, scrypt adds a memory-hardness parameter on top of CPU cost. This makes it more resistant to attacks using GPUs or custom ASICs, since those devices have limited fast memory. Scrypt is a solid choice when you can tune both the CPU and memory parameters, and it is used by several cryptocurrency protocols.
  • Argon2 — the winner of the 2015 Password Hashing Competition. Argon2 offers three variants: Argon2d (data-dependent, best GPU resistance), Argon2i (data-independent, resists side-channel attacks), and Argon2id (a hybrid recommended for most use cases). It provides fine-grained control over time cost, memory cost, and parallelism.

For new projects with full control over the stack, Argon2id is generally the recommended default. However, bcrypt remains a perfectly secure and battle-tested choice, especially when library support or framework conventions favor it. Many mature platforms — including Ruby on Rails, Laravel, and Spring Security — default to bcrypt. The most important thing is to use any adaptive password hash rather than a plain digest like SHA-256 or MD5.

Related Tools

If you work with hashing and credential security, these CodeBoxTools may also be useful:

  • Hash Generator — compute MD5, SHA-1, SHA-256, and SHA-512 digests for any input string. Useful for checksums and data integrity, though not suitable for password storage on its own.
  • Password Generator — create strong, random passwords with configurable length, character sets, and entropy estimates. Pair it with bcrypt hashing for a complete credential workflow.
  • Base64 Encode / Decode — bcrypt uses a custom Base64 alphabet internally. This tool handles standard Base64 encoding and decoding for tokens, data URIs, and API payloads.

Frequently Asked Questions

What cost factor should I use?
For most web applications in 2026, use 10–12. Higher is more secure but slower: cost 10 takes ~100ms on modern hardware, cost 12 takes ~400ms, cost 14 takes ~1.5s. The right trade-off depends on how many logins per second your server handles.
Is bcrypt still considered secure?
Yes, when used with an appropriate cost factor. Bcrypt has been battle-tested since 1999 and remains a solid choice. Argon2id is considered slightly stronger for new systems (it's more resistant to GPU attacks), but bcrypt is perfectly fine for most applications.
Are my passwords sent anywhere?
No. Hashing and verification happen entirely in your browser using the `bcryptjs` JavaScript library. No network requests are made — you can disconnect from the internet and this tool will still work.
What is a bcrypt cost factor?
A number from 4 to 15 that controls how slow the hashing is. Each increment doubles the work — cost 12 is 256 times slower than cost 4. Higher costs make brute-force attacks harder but also slow down login checks.
What cost factor should I use in production?
Aim for a hashing time of 250-500 ms on your target hardware. On modern servers that usually means cost 12 or 13. Measure it — hardware changes, and what was right five years ago is too low today.
Is bcrypt better than SHA-256 for passwords?
Yes. SHA-256 is fast by design (for hashing documents, not passwords), so attackers can compute billions of guesses per second. Bcrypt is intentionally slow and includes a per-password salt, making brute-forcing far more expensive.

Related Tools

UUID Generator
Generate UUID v4 (random) or v7 (time-based) identifiers — also works as a GUID generator. Free and browser-based.
JWT Decoder
Paste a JWT to decode and inspect its header, payload, and signature — free, private, nothing leaves your browser.
Hash Generator
Generate cryptographic hashes from any text — SHA-256, SHA-1, SHA-384, SHA-512. Free, private, and browser-based.
Password Generator
Generate strong random passwords with customizable length and characters — cryptographically secure and browser-based.