
Bcrypt Hash Generator & Verifier - Online Password Hashing



Industry-standard password hashing — generate and verify bcrypt hashes securely in your browser. No data is ever sent to any server.

Frequently Asked Questions

Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It's purpose-built for securely storing passwords. Unlike general-purpose hash functions (SHA-256, MD5), bcrypt is intentionally slow and includes a built-in salt to defend against rainbow table attacks and brute-force attacks. The slowness is controlled by the cost factor, making it adaptable as hardware improves.

The cost factor (also called work factor or rounds) determines how computationally expensive the hashing process is. It's an exponent: the actual number of iterations is 2^cost. For example, a cost factor of 12 means 2^12 = 4,096 hashing rounds. Each increment doubles the work. Recommended values: 10–12 for most web applications (as of 2024). Higher values (13+) provide stronger security but may cause noticeable delays during login.

SHA-256 and MD5 are general-purpose hash functions — they're fast by design, which makes them unsuitable for password hashing. A GPU can compute billions of SHA-256 hashes per second, making brute-force attacks trivial. Bcrypt is deliberately slow and memory-intensive, drastically increasing the cost of attacks. Additionally, bcrypt automatically handles salting (embedding a unique random value into each hash), while with SHA-256 you'd need to implement salting manually.

A bcrypt hash is always 60 characters long and follows this structure:
$2a$12$L9B5Q8xGp3ZkR7mN2vW1uOjH6cY4eA0tF9sD3xK1
It breaks down into:
  • $2a$ — Algorithm version (may be $2b$ or $2y$)
  • 12 — Cost factor (2 digits)
  • L9B5Q8xGp3ZkR7mN2vW1uO — Salt (22 characters, Base64)
  • jH6cY4eA0tF9sD3xK1 — Hash digest (31 characters, Base64)
The entire hash is self-contained — you don't need to store the salt separately. (Note that the sample hash above is abbreviated: its digest portion is only 18 characters, so the string shown is 47 characters rather than the full 60.)

Yes. All computation happens entirely in your browser using JavaScript. Your password never leaves your device — it is not transmitted to any server, logged, or stored anywhere. You can verify this by disconnecting your internet after the page loads; the tool will continue to work. For production systems, we recommend using server-side bcrypt libraries (e.g., in Node.js, Python, PHP, or Java).

Use the Verifier tab above. Simply enter the original plain-text password and the bcrypt hash you want to check. The tool extracts the salt and cost factor from the hash itself, re-hashes the password with those parameters, and compares the results. In your own applications, use your language's bcrypt library's compare() or check() function — never compare hashes with == directly, since a plain string comparison stops at the first mismatching byte and leaks timing information.

Argon2 (winner of the 2015 Password Hashing Competition) is considered more modern and offers better resistance against GPU and ASIC attacks due to its memory-hardness. However, bcrypt remains a solid, battle-tested choice with widespread library support across all major languages. If you're starting a new project in 2024, consider Argon2id. If you need maximum compatibility or are maintaining an existing system, bcrypt with cost factor 12+ is still perfectly secure.

These are algorithm version identifiers in the hash prefix:
  • $2a$ — Original bcrypt, has a known bug with certain 8-bit characters.
  • $2b$ — Fixed version (used by OpenBSD), addressing the 8-bit bug.
  • $2y$ — PHP's version, introduced in PHP 5.3.7 to fix an implementation issue with $2a$ in crypt_blowfish.
All three are interoperable for most practical purposes. Modern bcrypt libraries typically generate $2b$ or $2y$ hashes.