A slow, salted password hashing algorithm designed to resist brute-force attacks. Each increase in cost factor doubles the computation time.

What cost factor should I use?

10–12 is recommended for most web apps. Higher is more secure but makes login slower.

Can bcrypt be reversed?

No. Bcrypt is one-way. Verification works by hashing the input again and comparing, not by reversing.

Why use bcrypt over SHA-256 for passwords?

SHA-256 is fast — attackers can compute billions per second. Bcrypt is slow by design, and automatically salts every hash.

🔐

Bcrypt Hash Generator

Hash and verify passwords with bcrypt. Runs entirely in your browser — no data sent to servers.

🔒 Security Tools Free Browser-based

Tool

Password

Cost factor (rounds): 10

4 (fast)10 (recommended)14 (slow)

What Is Bcrypt?

Bcrypt is a password hashing function based on the Blowfish cipher, designed by Niels Provos and David Mazières in 1999. Unlike general-purpose hash functions (MD5, SHA-256), bcrypt is intentionally slow and includes automatic salting, making it ideal for storing passwords securely.

Understanding the Cost Factor

Cost factor	Approx. hashes/sec (modern CPU)	Use case
8	~2,000	Testing / development only
10	~500	Standard web applications
12	~125	High-security applications
14	~30	Maximum security (slow logins)

Bcrypt vs MD5 vs SHA-256

MD5 and SHA-256 are fast — billions of hashes per second on modern hardware — making them unsuitable for password storage. Bcrypt is designed to be slow. It also automatically embeds a unique salt in every hash, so two identical passwords produce different hashes, defeating rainbow table attacks.

Bcrypt Hash Generator

What Is Bcrypt?

Understanding the Cost Factor

Bcrypt vs MD5 vs SHA-256

Frequently Asked Questions