Something wrong with this tool?
About Bcrypt Generator Online
This tool computes bcrypt hashes of a plaintext password using a configurable cost factor. Bcrypt is the industry-standard algorithm for hashing passwords before storing them in databases — designed to be slow and tunable, so future hardware speedups can be countered by increasing the cost factor.
Use it when setting up authentication systems, when testing how slow your chosen cost factor will be at scale, when generating test data with realistic hashes, or to verify a password matches an existing bcrypt hash.
Choose a cost factor of 10-12 for typical web applications (about 100-300ms per hash on modern servers). Higher costs (13+) give more brute-force resistance but slow down login time noticeably.
How to use this tool
How to compute a bcrypt hash from a plaintext password
Enter the password
"Password" is the plaintext string to hash. Whitespace is significant — leading/trailing spaces become part of the input, which is rarely what you want.
Pick the cost factor
"Cost (rounds)" defaults to 10 and accepts 4–14 in practice. Each +1 doubles the work — 12 is roughly 1 second on a modern server; 14 is ~4 seconds. Pick the highest your login budget tolerates.
Press Run
Result returns a single `hash` — a 60-char string starting with `$2b$10$…`. The salt is randomly generated each run, so the same password produces a different hash each time — that's correct, not a bug.
Verifying later
To verify a password against a hash, use a bcrypt library's `compare(plaintext, hash)`. Never store the cost factor separately — it's encoded in the hash itself (`$2b$10$` says cost 10).