Bcrypt hash & verify
Clientbcrypt stores passwords as a salted, slow-to-compute digest (typically $2b$ on modern stacks). Hash plaintext with an adjustable cost, or verify a candidate password against an existing digest—everything runs with bcryptjs in your tab.
Related tools
Generate high-entropy secrets with the password generator, then hash them here. For keyed message authentication (not password storage), use HMAC or the general crypto workspace.
bcryptjs in this tab. Bcrypt only uses the first 72 UTF-8 bytes of a password—longer strings are truncated per the algorithm. Prefer a password manager over pasting production credentials on shared screens.?
Output uses the common $2a$ / $2b$ wire format. Cost factor is the number after the second $ (e.g. $2b$12$ → 12 rounds).
4–15 (higher = slower, stronger).
Common use cases
- Produce a bcrypt digest for a staging user seed or fixture when your stack expects $2b strings.
- Check whether a remembered password still matches an exported hash before rotating credentials.
- Compare bcrypt cost settings by hashing the same sample password at different round counts.
- Pair with the password generator when you need both a random secret and a stored hash format.
Common mistakes to avoid
Assuming bcrypt encrypts arbitrary secrets
It is a password hash: slow by design, with a 72-byte UTF-8 input cap. Use dedicated algorithms for general-purpose encryption.
Using very low cost in production
Cost 4–6 is fine for demos; production systems often use 10–12+ per policy—balance UX and offline attack cost.
Pasting live production hashes into untrusted machines
Verification is local, but shoulder surfing and logs still leak—use redacted samples in shared sessions.
FAQ
Is this the same as Node bcrypt?
This page uses bcryptjs, which implements the same bcrypt algorithm and wire format as common server libraries.
Why is hashing slow?
Each higher cost doubles the work factor, which is intentional to resist brute-force guessing.
Can I prefill the password for Hash mode?
Yes—?q= or ?qb= fills the Hash tab only. Avoid sharing URLs that embed real secrets.
Common search terms
Phrases people search for that match this tool. See the full long-tail keyword index.
- bcrypt hash generator online browser
- verify bcrypt password hash locally
- bcrypt cost rounds calculator tool
- bcryptjs hash password no upload
More tools
Related utilities you can open in another tab—mostly client-side.
Password generator
ClientRandom passwords with length and character sets—generated in your browser.
HMAC (SHA-256 & more)
ClientHMAC-SHA-256/384/512/1 in the browser—hex or Base64 for webhooks, signing, and API docs.
Encrypt & decrypt
ClientEncrypt, decrypt, hash (AES, DES, RC4, Rabbit, TripleDES, MD5, SHA) and Base64—client-side.
Random string generator
ClientRandom alphanumeric, hex, Base64 URL-safe, or custom tokens—entropy hint, local only.