Bcrypt Generator
Generate and verify BCrypt password hashes.
About BCrypt
- BCrypt is a password hashing function designed by Niels Provos and David Mazières
- It incorporates a salt to protect against rainbow table attacks
- The work factor allows you to increase the cost of hashing as hardware improves
- Each hash is unique, even for the same password, due to the random salt
What Is Bcrypt?
Bcrypt is a password hashing function designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. Unlike general-purpose hash functions (MD5, SHA-256), bcrypt is specifically designed for password storage. It is intentionally slow, making brute-force attacks computationally expensive, and it includes a built-in salt to prevent rainbow table attacks.
How Bcrypt Works
- Salt Generation: A random 16-byte salt is generated for each password, ensuring identical passwords produce different hashes.
- Cost Factor (Work Factor): The cost factor determines how many iterations of the hashing algorithm are performed. Each increment doubles the computation time. A cost of 12 means 2^12 = 4,096 iterations.
- Hash Output: The result is a 60-character string containing the algorithm version, cost factor, salt, and hash:
$2b$12$salt22chars.hash31chars.
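The 60-character layout described above can be checked and split into its fields before a hash is trusted or stored. The following is an added example, not code from this tool; the names `parse_bcrypt`, `needs_rehash` and `SAMPLE` are hypothetical, and the sample hash is constructed for illustration.

```python
import base64
import re
from typing import NamedTuple

# bcrypt's base64 alphabet differs from the standard one and omits padding.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# $<version>$<2-digit cost>$<22-char salt><31-char hash>
HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

# Constructed sample (not a real password hash): all-zero salt, dummy digest.
SAMPLE = "$2b$12$" + "." * 22 + "x" * 31


class BcryptHash(NamedTuple):
    version: str      # e.g. "2b"
    cost: int         # work factor; iterations = 2**cost
    salt: bytes       # 16 raw bytes
    digest_b64: str   # 31 characters in bcrypt base64


def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields, rejecting malformed input."""
    m = HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a well-formed 60-character bcrypt string")
    version, cost_s, salt_b64, digest_b64 = m.groups()
    cost = int(cost_s)
    if not 4 <= cost <= 31:  # range accepted by bcrypt implementations
        raise ValueError(f"cost {cost} outside 4..31")
    # 22 characters carry 16 bytes; add padding so the stdlib decoder accepts it.
    salt = base64.b64decode(salt_b64.translate(TO_STD) + "==")
    return BcryptHash(version, cost, salt, digest_b64)


def needs_rehash(stored: str, target_cost: int) -> bool:
    """True when the stored hash was made with a lower cost than the current policy."""
    return parse_bcrypt(stored).cost < target_cost


if __name__ == "__main__":
    h = parse_bcrypt(SAMPLE)
    print(h.version, h.cost, 2 ** h.cost, h.salt.hex(), len(SAMPLE))
    print("rehash at cost 13:", needs_rehash(SAMPLE, 13))
```

Calling `needs_rehash` at login, after the password has verified, identifies hashes that should be regenerated at the current cost factor.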
Bcrypt vs Other Hashing Algorithms
| Algorithm | Purpose | Speed | Password Storage |
|---|---|---|---|
| Bcrypt | Password hashing | Intentionally slow (adjustable) | Recommended |
| Argon2 | Password hashing | Configurable (memory-hard) | Best (PHC winner) |
| PBKDF2 | Key derivation | Adjustable iterations | Acceptable |
| SHA-256 | General-purpose hashing | Very fast | Too fast for passwords |
| MD5 | Checksums | Very fast | Cryptographically broken |
Common Use Cases
- User Registration: Hash passwords with bcrypt before storing in the database.
- Login Verification: Compare a submitted password against the stored bcrypt hash.
- Password Migration: Upgrade legacy MD5/SHA password hashes to bcrypt on user login.
How to Use This Tool
- Enter the password you want to hash.
- Select the cost factor (work rounds); higher is more secure but slower.
- Click Generate Hash to create the bcrypt hash.
- To verify, paste the password and hash, then click Verify.
Why Use This Tool?
- Bcrypt is the gold standard for password hashing.
- Built-in salt generation prevents rainbow table attacks.
- Adjustable cost factor lets you future-proof against faster hardware.
- Essential for developers building authentication systems.
Frequently Asked Questions
What cost factor should I use?
Use the highest cost factor that keeps login time under 250ms on your server. As of 2024, a cost factor of 12-14 is recommended. Increase it as hardware gets faster.
Can I decrypt a bcrypt hash?
No. Bcrypt is a one-way function: there is no way to recover the original password from the hash. You can only verify if a given password matches the hash.