Bcrypt Hash Generator & Verifier

Hash or verify a password with bcrypt at any cost factor, fully in-browser

Generate or verify bcrypt password hashes at cost factors 4 to 14 using a self-contained JavaScript bcrypt implementation that runs entirely in your browser. Create test fixtures, verify hash implementations, and demonstrate cost-factor timing — no server, no password sent anywhere. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is the cost factor?

The cost (or work factor) sets how many times bcrypt iterates its key-setup loop: 2 to the power of the cost. Each increment doubles the time to hash, making brute-force attacks proportionally harder. Cost 10 to 12 is typical for production today.

Bcrypt is the password-hashing function of choice for many applications because it is deliberately slow and includes a tunable cost factor. This tool runs a complete bcrypt implementation in your browser so you can generate standard $2b$ hashes or verify a password against an existing hash — useful for building test fixtures, confirming a backend produces compatible output, and showing stakeholders how cost factors affect timing. Nothing is ever sent to a server.

How it works

Bcrypt is built on the Blowfish cipher’s expensive key schedule:

  1. A random 16-byte salt is generated and base64-encoded (bcrypt’s own alphabet).
  2. The password and salt feed EksBlowfishSetup, which runs the key schedule 2^cost times — this is the slow, attack-resisting step.
  3. The constant string OrpheanBeholderScryDoubt is encrypted 64 times with the resulting key schedule to produce the 24-byte hash.
  4. The cost, salt, and hash are assembled into the familiar $2b$cost$saltsalthashhash... string.

Verification re-derives the hash using the salt and cost embedded in the stored string, then compares the result. Because the salt is random per hash, the same password yields different strings each time, yet still verifies correctly.

Tips and notes

  • Pick a cost where a single hash takes a meaningful fraction of a second on your target hardware; cost 10–12 is common in 2026.
  • Bcrypt silently truncates passwords longer than 72 bytes — long passphrases beyond that length add no security with bcrypt alone.
  • Use generated hashes as seed/test fixtures, never reuse a real production password here.
  • A higher cost is not free: it costs your servers CPU on every login, so balance security against login latency.

Choosing the right cost factor

The cost factor is the most important tuning knob when deploying bcrypt. Too low and brute-force attacks become practical; too high and every login introduces noticeable latency for legitimate users. The conventional target is to keep a single hash under 100ms on your login server. What cost achieves that depends on the server hardware — a cost of 10 is often the right call on a modern server, but the only way to know is to benchmark.

The cost demonstration in this tool shows the real timing in your browser, which is a different machine than your server, but it gives an order-of-magnitude feel. Watch how cost 12 feels noticeably slower than cost 10: that extra second is two doublings of the work factor.

The 72-byte truncation

One widely-unknown quirk of bcrypt is that it silently ignores everything past the 72nd byte of the password. Two passphrases that share the same first 72 bytes but differ after that will produce the same hash and both verify as “correct.” In practice, users rarely set passwords long enough to trigger this, but it is worth knowing if you allow very long passphrases. If you need to support arbitrarily long passwords with bcrypt, a common mitigation is to SHA-256 the password first, then bcrypt the hash.

When to verify an existing hash

The verifier mode is useful for confirming that your application produces standard-compatible hashes. If your backend is using a bcrypt library, generate a hash here at the same cost and compare it to your library’s output for the same input — if both verify against each other, the implementations are compatible. This is also helpful when migrating to a new bcrypt library or language: generate a set of hashes with the old library, verify them with the new one, and confirm full compatibility before flipping the switch in production.