ShotMark

Bcrypt Generator

Generate bcrypt hashes with configurable salt rounds.


What is a Bcrypt Generator?

A bcrypt generator is a tool that takes a plaintext password and produces a bcrypt hash: a fixed-format string containing the algorithm version, cost factor, salt, and hashed password. Bcrypt, designed by Provos and Mazières in 1999, remains a recommended algorithm in OWASP’s Password Storage Cheat Sheet because its tunable cost factor lets defenders raise the work per guess as hardware speeds up.

This bcrypt generator runs the bcryptjs library in your browser. Developers building authentication, security engineers seeding test accounts, and educators demonstrating slow-hash semantics use it to inspect bcrypt output and tune the cost factor.

Why use a Bcrypt Generator?

  • Inspect real hash output. See the $2a$12$... format with version, cost, salt, and hash clearly delimited.
  • Tune the cost factor. Try cost 10, 12 and 14 to see how time scales (roughly 13 ms, 50 ms and 200 ms on a modern laptop).
  • Seed test fixtures. Pre-compute hashes so integration tests sign in without going through registration.
  • Stay private. Hashing runs locally; the password never leaves your browser tab.

How to use the Bcrypt Generator

  1. Type the password into the Password field.
  2. Drag the Salt Rounds slider between 4 and 14 (10 is the OWASP minimum; 12 is the production default).
  3. Click Generate Hash. High cost factors may take a second.
  4. Copy the resulting Bcrypt Hash.

A sample output at cost 12:

$2a$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

How bcrypt works

Bcrypt is built on the Blowfish cipher, modified so the key-setup phase is intentionally expensive. The cost factor is the base-2 logarithm of the number of key-setup iterations (cost 12 means 4,096 iterations), so each increment doubles the work. The output is a Modular Crypt Format string with version, cost, 22-character salt, and hash sections:

$2a$12$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

The salt is unique per hash and stored inside the output, so verifying only needs the candidate plaintext and the stored hash.

Cost factor reference

Pick the highest cost your server can tolerate, then raise it again every few years as hardware improves. Target about 250 ms per hash on production.

  Cost   Iterations   Approx. time   Recommendation
  4      16           <1 ms          Testing only
  10     1,024        ~13 ms         OWASP minimum
  12     4,096        ~50 ms         Production default
  14     16,384       ~200 ms        High-security accounts

Security considerations

Bcrypt has a 72-byte input limit; longer passwords are silently truncated. If you need to accept longer input (for example, pre-stretched key material), run it through HMAC-SHA-256 first and feed bcrypt the result. Production authentication must hash on the server, not the client: a hash computed client-side becomes the credential itself, so an attacker who captures it can replay it directly. Use this tool to inspect output and seed test data, not to replace server-side hashing.

Common use cases

  • Backend developers seeding test users. Pre-compute hashes for fixtures so integration tests have working credentials.
  • Security engineers planning cost upgrades. Measure hash time at current and target cost factors before rolling out a change.
  • QA engineers validating password reset flows. Generate a known hash, drop it into a test row, exercise the reset path.

Frequently asked questions

Is bcrypt still secure?

Yes. OWASP lists bcrypt, scrypt, argon2, and PBKDF2 as acceptable. Argon2id is the modern recommendation and resists GPU attacks more strongly, but bcrypt with cost 12 or higher remains safe for most applications.

What is the difference between bcrypt and SHA-256?

SHA-256 is a fast hash that commodity hardware can compute billions of times per second. Bcrypt is deliberately slow, so an attacker who steals a hash database cannot test billions of guesses per second. Never use SHA-256, SHA-1, or MD5 for passwords.

What does the $2a$ prefix mean?

It identifies the bcrypt algorithm version. $2a$ is the most common; $2b$ is the spec-corrected version. The version is followed by the cost factor ($12$) and then the salt and hash.

Can two passwords produce the same bcrypt hash?

No. Each hash embeds a fresh 128-bit salt from a cryptographic RNG, so even hashing the same password twice produces different output.

Can bcrypt be reversed?

No. Bcrypt is a one-way function. Verification hashes the candidate with the stored salt and cost, then compares results. There is no way to derive the original password without guessing.

Is the password sent to a server?

No. This tool runs bcryptjs in your browser. The plaintext password never leaves your machine, and no network call is made when you click Generate Hash.
