Skip to content

Bcrypt Hash Generator & Verifier

Generate and verify bcrypt password hashes online — adjustable cost, $2b$/$2a$/$2y$ prefixes. 100% in your browser; your password is never uploaded.

No Tracking Runs in Browser Free
100% in your browser — your password never leaves your device.
Bcrypt hash
Hash anatomy
Version
Cost
Salt
Digest

Follows bcrypt reference behavior with output cross-checked against Node bcrypt, Python bcrypt, and Apache htpasswd — Go Tools Security Team · Jun 12, 2026

What Is Bcrypt?

Bcrypt is a password-hashing function designed specifically for storing passwords safely. Instead of keeping a password in plaintext, a server stores a one-way bcrypt hash; when a user logs in, the server hashes the submitted password the same way and checks that the two hashes match. Bcrypt is built on the Blowfish cipher and was designed by Niels Provos and David Mazières in 1999, with one deliberate feature that sets it apart from general-purpose hashes like SHA-256: it is slow on purpose, and you can make it slower over time with an adjustable cost factor as hardware gets faster.

A bcrypt hash is a single, self-describing 60-character string — for example $2b$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq. It packs four parts: the version ($2b$), the cost (12, a logarithmic work factor), a 22-character Base64 salt, and the 31-character Base64 digest. Because the salt is random and embedded in the hash, the same password produces a different hash every time — which defeats rainbow tables and hides the fact that two users picked the same password. Verification reads the salt and cost back out of the stored hash and re-hashes the candidate, so bcrypt never needs to (and cannot) reverse a hash to recover the password.

This tool runs entirely in your browser using a bundled bcrypt implementation — no password or hash is ever uploaded. Use it to generate a hash with a chosen cost and prefix, to verify a password against an existing hash, and to read a hash's anatomy. It pairs naturally with other security tools: protect a directory with HTTP Basic Auth using our htpasswd Generator (which can emit bcrypt entries directly), mint a strong password to hash with our Random Password Generator, and reach for our SHA-256 Generator when you need a fast general-purpose checksum rather than a slow password hash. If you are deciding which algorithm to store passwords with, compare the options in bcrypt vs Argon2 vs scrypt.

// Node.js — bcryptjs / bcrypt (emits $2b$)
const bcrypt = require('bcrypt');
const hash = await bcrypt.hash('correct horse battery staple', 12);
// -> $2b$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq
const ok = await bcrypt.compare('correct horse battery staple', hash); // true

# Python — bcrypt
import bcrypt
hashed = bcrypt.hashpw(b'correct horse battery staple', bcrypt.gensalt(12))
bcrypt.checkpw(b'correct horse battery staple', hashed)  # True

# PHP — password_hash (emits $2y$)
$hash = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 12]);
password_verify('correct horse battery staple', $hash); // true

# Apache htpasswd CLI — bcrypt entry to stdout (-B bcrypt, -b inline, -n stdout)
htpasswd -Bbn admin 'correct horse battery staple'
# -> admin:$2y$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq

Key Features

Generate Bcrypt Hashes

Produce a standard 60-character bcrypt hash from any password with a fresh random salt. Each click yields a different valid hash, exactly as a real password store would.

Adjustable Cost Factor

Tune the work factor from 4 to 15 (12 is the modern default). Feel how each step roughly doubles compute time so you can pick a cost that is strong yet fast enough for login.

Choose the Version Prefix

Emit $2b$ (the current bcryptjs standard), $2y$ (PHP / Apache htpasswd), or $2a$ (the original). All are interchangeable for verification across libraries.

Verify a Password Against a Hash

Paste a stored hash and a candidate password to confirm instantly whether they match — re-hashing with the embedded salt and cost, never decrypting. Ideal for debugging a failed login.

Hash Anatomy Breakdown

See any bcrypt hash split into its version, cost, salt, and digest, so the structure of the $2b$12$... string is obvious at a glance.

100% Client-Side

All hashing and verification happen locally in your browser. No password or hash is ever sent to a server, so you can work with real credentials privately.

Bcrypt Generator Examples

bcrypt hash (cost 12, $2b$)

password: correct horse battery staple
cost: 12
prefix: $2b$
$2b$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq

A bcrypt hash at cost 12 with the $2b$ prefix. The salt is random, so the same password produces a different hash every time — yet all of them verify against the original password.

Verify a password against a hash

password: correct horse battery staple
hash: $2b$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq
✓ Match — the password is correct for this hash

Verification does not decrypt the hash. bcrypt re-hashes the candidate password using the salt and cost embedded in the stored hash, then compares the result. A match means the password is correct.

Hash anatomy breakdown

$2b$12$dUSFKqT1FCMYZ6hcQfsxuONizEqcX8IGK8snfVSowP5Uu.TDJoPUq
version: $2b$ · cost: 12 · salt: dUSFKqT1FCMYZ6hcQfsxuO · digest: NizEqcX8IGK8snfVSowP5Uu.TDJoPUq

Every bcrypt hash is self-describing: a version tag, a two-digit cost, a 22-character Base64 salt, and a 31-character Base64 digest, all in one 60-character string. The tool splits these out so you can read them at a glance.

How to Use the Bcrypt Generator

  1. 1

    Enter a Password & Choose the Cost

    On the Generate tab, type a password or click Random password. Pick a cost factor (4–15; 12 is the modern default) and a version prefix — $2b$, $2a$, or $2y$ — to match your stack.

  2. 2

    Generate the Hash

    The bcrypt hash is computed locally with a fresh random salt and appears as a single 60-character $2b$12$... string. Click Copy to lift it, or re-generate for a new salted hash.

  3. 3

    Read the Anatomy or Verify

    The anatomy panel splits the hash into version, cost, salt, and digest. Switch to the Verify tab to paste a stored hash and a password and confirm instantly whether they match.

Common Errors

Trying to Decrypt a Hash

Bcrypt is one-way; there is no decrypt. To check a password, verify it against the hash instead of attempting to reverse the digest.

✗ Wrong 
bcrypt.decrypt(hash)  // no such operation
✓ Correct 
bcrypt.compare(password, hash)  // returns true / false

Setting the Cost Too Low

A low cost like 4 or 6 hashes almost instantly, which also lets attackers brute-force leaked hashes fast. Use 12 as a baseline.

✗ Wrong 
cost: 4  // far too fast, weak against brute force
✓ Correct 
cost: 12  // modern default, resists brute force

Expecting the Same Hash Twice

Because the salt is random, hashing the same password again yields a different string. Compare with verify, never by checking two hashes for byte equality.

✗ Wrong 
hash(pw) === storedHash  // fails — different salts
✓ Correct 
bcrypt.compare(pw, storedHash)  // correct check

Common Use Cases

Seed a Password Hash in a Database
Generate a bcrypt hash for an admin or test account and insert it directly into your users table, so you can log in without wiring up a full signup flow first.
Debug a Failing Login
Verify a known-good password against the stored hash to confirm whether the hash itself is correct, isolating the bug from your authentication code.
Pick the Right Cost Factor
Generate at several cost levels on your own hardware to feel how long each takes, then choose a work factor that resists brute force without slowing real logins.
Create htpasswd / Basic Auth Entries
Produce a $2y$ bcrypt hash for an Apache, Docker Registry, or Caddy credential, then drop it into a user:hash line for HTTP Basic Auth.
Build Test Fixtures
Mint deterministic-by-password bcrypt hashes to seed integration tests of a login or password-reset flow without standing up a real auth server.
Audit a Hash You Found
Read the anatomy of a bcrypt string in a config or dump to check its cost factor, and verify it against the password you expect to confirm a match.

Technical Details

Blowfish-Based, Adaptive Cost
Bcrypt derives its hash from the Blowfish cipher's expensive key setup, repeated 2^cost times. Raising the cost by one doubles the work, keeping the function slow against brute force as hardware improves.
128-Bit Random Salt
Each hash embeds a 16-byte (128-bit) random salt, Base64-encoded as 22 characters after the cost. The salt makes every hash unique, so identical passwords never share a digest and rainbow tables do not apply.
Self-Describing 60-Character Format
The output is $version$cost$salt+digest — a fixed 60-character string carrying everything needed to verify it. No separate salt column or parameter store is required.
72-Byte Password Limit
Bcrypt only hashes the first 72 bytes of a password; anything beyond that is silently ignored. For very long passphrases, pre-hashing (for example with SHA-256) before bcrypt is a common mitigation.
Verify, Don't Decrypt
Bcrypt is one-way. Verification re-runs the hash on the candidate password using the salt and cost parsed from the stored hash, then compares digests in constant time. There is no operation that recovers the plaintext.
Honesty Notes & Caveats
Hashes are computed locally and never checked against a live system. Copied hashes and any password you typed live on your clipboard and in browser memory — treat them as secrets and clear your clipboard after pasting into production.

Best Practices

Use Cost 12 or Higher
Cost 12 is the modern baseline; raise it toward 14 for sensitive systems as long as login latency stays acceptable. Re-evaluate periodically — what was slow enough five years ago is cheap to attack today.
Never Store or Log Plaintext
Store only the bcrypt hash, never the original password, and keep passwords out of logs and error messages. The whole value of bcrypt is lost if the plaintext leaks alongside it.
Let bcrypt Handle the Salt
Bcrypt generates and embeds a secure random salt for you. Do not supply your own static salt or reuse one — a per-hash random salt is what defeats rainbow tables.
Mind the 72-Byte Limit
If you accept long passphrases, remember bcrypt ignores bytes past 72. Consider pre-hashing with SHA-256, or evaluate Argon2id, when very long inputs must be fully covered.

Bcrypt Generator FAQ

Is an online bcrypt generator safe to use?
With this one, yes — because nothing you type ever leaves your browser. The password, the generated hash, and the verification all run locally in JavaScript on your own device. There are no network requests, no logging, and no storage: you can confirm it by opening your browser's Developer Tools (F12 → Network tab) while you generate a hash and watching for zero outgoing requests, or by disconnecting from the internet and seeing the tool keep working. That is the opposite of a sketchy generator that POSTs your password to a server. As a habit, still prefer a throwaway test password over a real production one whenever you are just experimenting.
How do I generate a bcrypt hash online?
Open the Generate tab, type a password (or click Random password to mint a strong one), pick a cost factor — 12 is the modern default — and choose a version prefix: $2b$ for most modern stacks, $2y$ for PHP and Apache, or $2a$ for the original identifier. The bcrypt hash is computed instantly in your browser with a fresh random salt and appears as a single 60-character $2b$12$... string you can copy with one click. Nothing is uploaded: the password and hash never leave your device. Generate again any time to get another valid hash for the same password, since each one carries a different random salt.
Can a bcrypt hash be decrypted or reversed?
No. bcrypt is a one-way password hashing function, not encryption, so there is no key and no decrypt operation that turns a hash back into the original password. The only way to learn the password from a hash is to guess candidates and hash each one until it matches — which is exactly what bcrypt's adjustable cost factor is designed to make slow and expensive. That is why you verify a password against a hash rather than decrypt it: the tool re-hashes your candidate with the salt and cost stored in the hash and checks whether the result is identical.
What cost factor (work factor) should I use?
Cost 12 is the modern default and a sensible balance of security and speed. The cost is a logarithmic work factor: each increment doubles the number of internal rounds, so cost 13 takes roughly twice as long to compute and verify as cost 12, and cost 11 takes half as long. Higher costs slow down attackers brute-forcing leaked hashes, but they also add latency to every legitimate login, so do not raise it past the point where authentication feels sluggish on your real hardware. Cost 10 is acceptable for low-risk endpoints; 12–14 suits anything sensitive. The valid range is 4 to 31, and this tool lets you pick 4 to 15.
What's the difference between $2a$, $2b$, and $2y$?
They are version prefixes for the same bcrypt algorithm, and the differences trace back to historical bug fixes in how some implementations handled string length and high-bit characters. $2a$ is the original widely used identifier; $2b$ is the corrected current version that the bcryptjs library and most modern implementations emit; and $2y$ is the identifier PHP and Apache's htpasswd use. For verification they are interchangeable — a hash you generate here with any prefix will validate correctly across libraries, because they all run the same core function. Pick the prefix your stack expects if you need byte-for-byte compatibility.
How do I verify a password against a bcrypt hash?
Switch to the Verify tab, paste the stored bcrypt hash (the full $2b$12$... string) and the candidate password, and the tool tells you instantly whether they match. It works by extracting the salt and cost embedded in the hash, re-hashing the candidate password with those exact parameters, and comparing the new digest to the stored one — there is no decryption involved. This is how a login system checks a password: it never recovers the plaintext, it only confirms that re-hashing the submitted password reproduces the stored hash.
bcrypt vs Argon2 vs scrypt — which should I use?
All three are deliberately slow, salted password-hashing functions, and all are far better than a bare SHA-256 for storing passwords. bcrypt is the most widely supported and battle-tested, with a simple tunable cost; its main limits are a 72-byte password cap and that it is CPU-bound only. scrypt adds memory hardness, making large-scale GPU/ASIC attacks costlier. Argon2 (specifically Argon2id) is the current recommendation from the Password Hashing Competition and OWASP, tuning time, memory, and parallelism independently. If you are choosing fresh today, Argon2id is the strongest default; bcrypt remains an excellent, safe choice — especially where library support or interoperability matters. We cover the tradeoffs in depth in bcrypt vs Argon2 vs scrypt.
Why is the bcrypt hash different every time?
Because bcrypt generates a fresh random salt for every hash, and the salt is mixed in before hashing. The same password therefore produces a completely different 60-character string each time you click Generate — and that is the point: it stops attackers from precomputing rainbow tables or spotting that two users share a password. The salt is not secret; it is stored right inside the hash (the 22 characters after the cost), so verification can read it back out. If you re-roll the hash you simply get another valid hash for the same password, and every one of them will verify successfully.

Related Tools

View all tools →

JWT Decoder

Security Tools

Decode JWT tokens online with our free JWT decoder. Instantly inspect header, payload, signature, expiration, algorithm, and claims. 100% browser-based — your token never leaves your device. No signup, no tracking.

JWT Encoder & Generator

Security Tools

Free online JWT generator & encoder. Build the header and payload, sign with HS256, RS256, or ES256 instantly. 100% in-browser — your secret and key never leave your device.

MD5 Hash Generator & File Checksum Tool

Security Tools

Generate MD5, SHA-256, SHA-1 & SHA-512 hashes online for free. Hash text or files in your browser, verify checksums and copy results. No signup needed.

Random Password Generator — Customizable, Strong & Secure

Security Tools

Generate strong random passwords instantly — free, 100% in your browser. Customize length & characters, batch up to 50 with entropy analysis.

SHA-1 Hash Generator (160-bit Legacy)

Security Tools

Generate SHA-1 hashes in your browser — 40-character hex output, no upload. Legacy tool for Git fingerprints, old certificate checks, and migration audits. Data never leaves your device.

SHA-256 Hash Generator & Checksum Tool

Security Tools

Generate SHA-256 hashes online for free. Hash text or files in your browser, verify checksums, and copy 64-character hex output. No signup; data never leaves the page.