How to compute a bcrypt hash from a plaintext password

1. Enter the password

   "Password" is the plaintext string to hash. Whitespace is significant — leading/trailing spaces become part of the input, which is rarely what you want.

2. Pick the cost factor

   "Cost (rounds)" defaults to 10 and accepts 4–14 in practice. Each +1 doubles the work — 12 is roughly 1 second on a modern server; 14 is ~4 seconds. Pick the highest your login budget tolerates.

3. Press Run

   Result returns a single `hash` — a 60-char string starting with `$2b$10$…`. The salt is randomly generated each run, so the same password produces a different hash each time — that's correct, not a bug.

4. Verifying later

   To verify a password against a hash, use a bcrypt library's `compare(plaintext, hash)`. Never store the cost factor separately — it's encoded in the hash itself (`$2b$10$` says cost 10).