Bcrypt Generator & Verifier
Generate bcrypt password hashes and verify a password against a hash. Hashing runs in your browser, so nothing is sent anywhere.
About the Bcrypt Generator & Verifier
The Bcrypt Generator & Verifier creates bcrypt password hashes and checks whether a plain-text password matches an existing hash. Bcrypt is a salted, adaptive hash built for storing passwords: it bakes a random salt into every hash and uses a cost factor to control how much work each hash takes. This tool is for WordPress and web developers who need to produce or test password hashes for user records, fixtures, or migrations. Hashing and verification run entirely in your browser, so the password and hash never leave your device.
How it works
- On the Generate tab, type a password and pick a cost factor (4 to 12). Cost 10 is the default.
- Click Generate to produce a bcrypt hash. A fresh random salt is included, so the same password gives a different hash each run.
- Copy the hash with the Copy button.
- On the Verify tab, paste a password and a bcrypt hash, then click Verify to see whether they match.
Features
- Generate bcrypt hashes with a selectable cost factor from 4 to 12.
- Verify a password against an existing $2a$, $2b$, or $2y$ hash.
- Random salt embedded in every generated hash.
- One-click copy of the resulting hash.
- Runs fully in the browser with no network requests and no external libraries.
Frequently asked questions
Is my password sent anywhere?
No. The bcrypt code is bundled into the page and runs in your browser. No password or hash is uploaded, and the tool makes no network requests while hashing or verifying.
What cost factor should I use?
Cost 10 is a common default and is the value set here. A higher cost makes each hash slower, which raises the effort needed to brute-force it. Increase the cost if you want more resistance and can accept the extra time per hash.
Why does the same password produce a different hash each time?
Each generated hash includes a new random salt. Verification reads the salt and cost from the stored hash, so different hashes of the same password still verify correctly.
Which hash formats can the verifier read?
It accepts standard bcrypt hashes beginning with $2a$, $2b$, or $2y$. These are the prefixes produced by common bcrypt implementations, including the ones used by PHP and WordPress.
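The fields that verification reads back from a stored hash, shown as an added example (not this tool's own code): a JavaScript parser for the `$2a$`/`$2b$`/`$2y$` layout that also flags hashes stored below a chosen minimum cost. The function names and the `SAMPLE` string (constructed, format-valid only, not a hash of any real password) are assumptions; the 4 to 31 bound is bcrypt's own cost range, wider than the 4 to 12 this tool offers.

```javascript
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
// Salt and digest use bcrypt's base64 alphabet: ./A-Za-z0-9
const BCRYPT_RE =
  /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Constructed sample: correct shape only, not derived from any password.
const SAMPLE =
  "$2y$10$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";

// Returns the parsed fields, or null if the string is not a well-formed
// bcrypt hash (wrong prefix, wrong length, bad characters, cost out of range).
function parseBcryptHash(hash) {
  if (typeof hash !== "string") return null;
  const m = BCRYPT_RE.exec(hash.trim());
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // range bcrypt itself allows
  return {
    version: m[1],          // "2a", "2b" or "2y"
    cost,                   // work factor stored in the hash
    iterations: 2 ** cost,  // key-setup rounds grow as 2^cost
    salt: m[3],             // 128-bit salt, 22 encoded characters
    digest: m[4],           // 184-bit result, 31 encoded characters
  };
}

// True when a stored hash should be regenerated at the user's next
// successful login: it is malformed or its cost is below the current policy.
function needsRehash(hash, minCost) {
  const parsed = parseBcryptHash(hash);
  return parsed === null || parsed.cost < minCost;
}

console.log(parseBcryptHash(SAMPLE));
console.log("rehash at policy cost 12:", needsRehash(SAMPLE, 12));
```

Because the cost is stored per hash, raising the policy value does not invalidate older hashes; they still verify and can be upgraded one login at a time.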
Does a higher cost freeze my browser?
Higher cost is slower on purpose, but the tool hashes in small chunks and yields back to the page, so the interface stays responsive. Within the 4 to 12 range the wait is short on a typical device.