How do I generate a bcrypt hash online for free?
Use this bcrypt generator: enter your password, choose a cost factor (10 or higher for production), and click Generate Hash. The bcrypt hash appears instantly — computed in your browser using the bcryptjs library. No upload, no signup, no usage limits.
How do I verify a bcrypt hash against a password?
Switch to the Verify tab. Enter the plaintext password you want to test, then paste the full bcrypt hash (60 characters, starting with $2a$, $2b$, or $2y$). Click Verify Match. The tool tells you whether the password matches the hash. This uses constant-time comparison to prevent timing attacks.
What is the difference between $2a$, $2b$, and $2y$ in bcrypt hashes?
All three are bcrypt format identifiers with different historical origins. $2a$ is the original specification. $2b$ was introduced after a wrap-around bug was found in early implementations for very long passwords. $2y$ is a PHP-specific variant that fixes the same bug. All modern implementations (including this generator) treat them as interchangeable for normal-length passwords — you can verify any variant against any other.
What is the bcrypt cost factor (rounds) and what should I choose?
The cost factor (also called "rounds" or "work factor") determines how many iterations bcrypt performs: 2^cost. Each increment doubles both the hashing time and the time an attacker needs for every brute-force guess. Cost 10 (1,024 iterations) is the historical minimum for production. OWASP recommends cost 12 (4,096 iterations) as of 2023+. For high-security applications, use cost 14+. Cost values range from 4 (very fast, for testing) to 31 (essentially uncrackable, takes minutes per hash).
Is bcrypt secure in 2026? Should I still use it for new projects?
bcrypt remains cryptographically secure in 2026 with no known practical attacks. It is still recommended by OWASP, NIST, and most security guidelines. For new projects, Argon2id is generally preferred because it is memory-hard (resistant to GPU/ASIC attacks) and was the winner of the 2015 Password Hashing Competition. However, bcrypt is still an excellent choice — it has 25+ years of real-world deployment, mature library support in every language, and known security properties.
Can bcrypt hashes be reversed or decrypted?
No — bcrypt is a one-way function. There is no mathematical way to recover the original password from a bcrypt hash. The only way to "crack" a bcrypt hash is to guess possible passwords, hash each guess with the same salt and cost factor, and check for a match. This is computationally expensive by design — at cost 12, an attacker with a high-end GPU might try only a few thousand guesses per second per GPU.
Why does the same password produce a different bcrypt hash each time?
Each call to bcrypt generates a fresh random 128-bit salt, which is embedded into the resulting hash. Same password + same cost + different salt = different hash output. This is intentional and is what defeats rainbow-table attacks. When you verify a password, bcrypt extracts the salt from the stored hash to recompute and compare — that's why verification still works even though the hash looks different every time.
What is the maximum password length for bcrypt?
bcrypt processes a maximum of 72 bytes from the input password. The limit counts bytes, not characters, so passwords containing multi-byte UTF-8 characters reach it sooner. Bytes beyond position 72 are silently ignored, meaning two passwords differing only after position 72 will produce identical hashes. For most use cases this is not a problem (passwords are rarely that long), but if your application allows long passwords, you should pre-hash the password with SHA-256 first, then feed the hex digest to bcrypt, and apply the same pre-hash when verifying. Argon2id has no such length limit.
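The truncation and the pre-hash fix described above, as an added Node.js example that is not part of this tool's code. All function names and sample passwords are constructed for illustration, and no bcrypt library is called: the code only models which bytes bcrypt would receive.

```javascript
// Added example (not the generator's code). All names are illustrative.
const { createHash } = require('node:crypto');

const BCRYPT_MAX_BYTES = 72; // limit stated in the answer above

// bcrypt counts bytes, not characters, so measure the UTF-8 encoding.
function utf8Length(password) {
  return Buffer.byteLength(password, 'utf8');
}

// The only part of a raw password that bcrypt actually consumes.
function bytesSeenByBcrypt(password) {
  return Buffer.from(password, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// True when two distinct passwords are indistinguishable to bcrypt.
function collideUnderBcrypt(a, b) {
  return a !== b && bytesSeenByBcrypt(a).equals(bytesSeenByBcrypt(b));
}

// Pre-hash step from the answer: a SHA-256 hex digest is always 64 bytes,
// so every byte of the password influences what bcrypt receives.
function prehash(password) {
  return createHash('sha256').update(password, 'utf8').digest('hex');
}

// Constructed sample inputs.
const PREFIX = 'x'.repeat(72);
const LONG_A = PREFIX + 'alpha';
const LONG_B = PREFIX + 'bravo';
const KEYS = '\u{1F511}'.repeat(19); // 19 visible characters, 4 bytes each

console.log('raw passwords collide:', collideUnderBcrypt(LONG_A, LONG_B));
console.log('pre-hashed inputs collide:',
  collideUnderBcrypt(prehash(LONG_A), prehash(LONG_B)));
console.log('bytes in 19-character emoji password:', utf8Length(KEYS));
```

The emoji case shows why a length check in characters is not enough: a 19-character password can already exceed the 72-byte limit.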
How long is a bcrypt hash?
A bcrypt hash is exactly 60 characters long, regardless of cost factor or password length. The format is: $2a$ (4 chars, version) + cost (2 chars) + $ (1 char) + salt (22 chars base64) + hash (31 chars base64) = 60 characters total. Example: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
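A parser for the 60-character layout above, as an added JavaScript example that is not part of this tool or of bcryptjs. Function names are illustrative, and the default minimum cost of 12 is an assumed policy taken from the cost-factor answer on this page.

```javascript
// Added example (not the generator's code). All names are illustrative.
// bcrypt uses its own base64 alphabet, ordered differently from RFC 4648.
const BCRYPT_ALPHABET =
  './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
// version, 2-digit cost, 22-char salt, 31-char digest: 60 characters total.
const BCRYPT_RE =
  /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Decode bcrypt base64: 6 bits per character, no padding.
function decodeBcryptBase64(text) {
  const bytes = [];
  let acc = 0;
  let bits = 0;
  for (const ch of text) {
    acc = (acc << 6) | BCRYPT_ALPHABET.indexOf(ch);
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
    }
    acc &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  return Uint8Array.from(bytes);
}

// Returns the parsed fields, or null if the string is not a well-formed hash.
function parseBcryptHash(hash, minCost = 12) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) return null; // wrong length, prefix, or alphabet
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside the valid cost range
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost,
    salt: decodeBcryptBase64(m[3]), // the embedded 128-bit salt
    digest: m[4],
    needsRehash: cost < minCost, // flag hashes below the current policy
  };
}

// The example hash quoted in the answer above.
const SAMPLE_HASH =
  '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';
console.log(parseBcryptHash(SAMPLE_HASH));
```

A check like `needsRehash` is typically run at login, after the password has verified, so the stored hash can be replaced with one at the current cost.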
Is my password sent to your server when generating a bcrypt hash?
No. Everything happens in your browser using the bcryptjs JavaScript library. Your password is never sent to any server. You can verify this by opening your browser's Developer Tools, switching to the Network tab, and generating a hash — you'll see zero outgoing requests containing your password. This makes the tool safe to use even with real production passwords.
bcrypt vs Argon2 vs scrypt — which password hash is best?
All three are dedicated password hashing functions and significantly better than plain SHA-256. Argon2id (2015) is the modern recommendation — it's memory-hard, customizable, and was the winner of the Password Hashing Competition. scrypt (2009) is also memory-hard and used by some cryptocurrencies. bcrypt (1999) is well-established and battle-tested but only CPU-hard (not memory-hard). For new projects, prefer Argon2id. For existing projects using bcrypt with cost 12+, there is no urgent need to migrate.
Can I use this bcrypt hash in Node.js, Python, PHP, etc.?
Yes. The bcrypt format is portable across all major languages. A hash generated here works with: Node.js (bcrypt or bcryptjs npm packages), Python (bcrypt package, passlib), PHP (password_hash and password_verify built-ins), Ruby (bcrypt gem), Java (jBCrypt, Spring Security), Go (golang.org/x/crypto/bcrypt), Rust (bcrypt crate), and .NET (BCrypt.Net). Just store the full 60-character hash and use the library's verify/check_password function to compare against a candidate password.