🔒bcrypt Hash / Verify
Generate and verify bcrypt hashes with adjustable cost factor. Useful for auth system development, test dummy data, and database checks.
How to use
- 1Enter a password.
- 2Pick a cost factor (usually 10~12).
- 3Generate or verify against an existing hash.
FAQ
Can I use this in production?+
For testing and learning. In production, use bcryptjs/bcrypt on the server. Pasting passwords into external tools isn't recommended.
What's a cost factor?+
Hash iteration count (2^cost). Higher is safer but slower. 10 (2024 standard), 12 (high security), 14+ (very secure but very slow).
bcrypt vs SHA-256?+
SHA-256 is a fast hash (for verification); bcrypt is slow (for password protection). Slow hashes resist brute-force attacks.
What about salt?+
bcrypt auto-embeds the salt in the hash. No separate handling. The hash itself has $2b$10$... including the salt.
Comparison with Argon2?+
Argon2 is newer with strong memory-attack resistance. bcrypt is more battle-tested and widely compatible. For new projects, Argon2 is recommended.
Same hash if I hash the same password twice?+
No. The salt differs each time, so the hash differs. Verification compares password + hash.