
Bcrypt Generator

Generate bcrypt hash

Frequently Asked Questions

What is bcrypt and why is it used for passwords?

Bcrypt is a password hashing algorithm designed to be slow and computationally expensive, making brute-force attacks impractical. It automatically handles salting and produces a 60-character hash. It is the industry standard for password storage.

What is the cost factor in bcrypt?

The cost factor (work factor) determines how many iterations bcrypt performs: 2^cost rounds, so each increase of 1 doubles the work. Cost 10 = 1,024 rounds (~100ms). Cost 12 = 4,096 rounds (~300ms). A higher cost makes every guess more expensive for an attacker, but it also makes each hash and verification slower. Cost 10-12 is recommended for most applications.

How do I verify a password against a bcrypt hash?

Enter the plain text password and the stored hash. The tool re-hashes the password with the same salt (embedded in the hash) and compares the result with the stored hash. A match confirms the password is correct without ever storing the original password.

Why does bcrypt generate different hashes for the same password?

Bcrypt includes a random salt in each hash. The same password produces different hashes each time, preventing rainbow table attacks. The salt is stored as part of the hash string, so verification still works correctly.
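The answers above say that the 60-character hash string carries its own cost factor and salt. The following Python sketch is an added example, not code from this tool: it splits a stored bcrypt string into those fields and flags hashes whose cost is below a chosen minimum. The names parse_bcrypt, needs_rehash and min_cost are assumptions made for this illustration, and the sample string is constructed for parsing only.

```python
import re
from dataclasses import dataclass

# bcrypt's base64 variant: standard bit order, its own alphabet, no padding.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $<variant>$<2-digit cost>$<22-char salt><31-char digest> = 60 characters.
HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

# Constructed sample for parsing only; not the hash of any particular password.
SAMPLE = "$2b$10$" + "C" * 21 + "." + "E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"


@dataclass(frozen=True)
class BcryptHash:
    variant: str   # "2a", "2b", "2y", ...
    cost: int      # work factor
    salt: bytes    # 16 random bytes chosen when the hash was created
    digest: bytes  # 23-byte bcrypt output

    @property
    def rounds(self) -> int:
        return 1 << self.cost  # 2^cost, as described in the cost factor answer


def _decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt base64 text into nbytes, dropping the unused low bits."""
    bits = 0
    for ch in text:
        bits = (bits << 6) | B64.index(ch)
    return (bits >> (len(text) * 6 - nbytes * 8)).to_bytes(nbytes, "big")


def parse_bcrypt(stored: str) -> BcryptHash:
    m = HASH_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a 60-character bcrypt hash string")
    variant, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # range of cost values bcrypt accepts
        raise ValueError("cost factor out of range")
    return BcryptHash(variant, int(cost), _decode(salt, 16), _decode(digest, 23))


def needs_rehash(stored: str, min_cost: int = 10) -> bool:
    """True if the stored hash was made with a cost below the current policy."""
    return parse_bcrypt(stored).cost < min_cost


if __name__ == "__main__":
    h = parse_bcrypt(SAMPLE)
    print(h.variant, h.cost, h.rounds, h.salt.hex(), needs_rehash(SAMPLE, 12))
```

A login handler can call needs_rehash after a successful verification and re-hash the password at the higher cost while the plain text is still available.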

How does bcrypt compare to SHA-256 for passwords?

SHA-256 is fast (millions of hashes per second), making it vulnerable to brute force. Bcrypt is intentionally slow (10-1000 hashes per second) and includes built-in salting. Never use plain SHA-256 for passwords — always use bcrypt, scrypt, or Argon2.