SECURITY TOOL

Bcrypt Hash Generator

Generate and verify bcrypt password hashes with configurable cost factors. Understand adaptive hashing, salt management, and modern password storage practices.


Bcrypt: The Gold Standard for Password Hashing

Adaptive Cost: Future-Proof by Design

Bcrypt's key innovation is the cost factor: a parameter that sets the number of rounds of its expensive key schedule to 2^cost. At cost 10, bcrypt runs 1,024 rounds; at cost 12, 4,096. As hardware gets faster, you raise the cost and the work scales with it. When bcrypt was published in 1999, cost 6 was considered adequate for ordinary users. Today the OWASP Password Storage Cheat Sheet calls for a work factor of at least 10, and cost 12 (4,096 rounds) is a common default, taking on the order of a few hundred milliseconds per hash on current server hardware. Because every increment halves an attacker's throughput as well, a single RTX 4090 manages only a few thousand bcrypt guesses per second at cost 12 (hashcat's published cost-5 benchmark is in the low hundreds of thousands per second, halved for each increment above that), versus roughly 164 billion MD5 hashes per second on the same card.

Anatomy of a Bcrypt Hash

$2b$12$WApznUPhVgGBSn9YhGKZe.vDyJBuSaLzMv7X3aB/m.p.MhNUyHway

$2b$ identifies the bcrypt version (2b is current; 2a and 2y are older prefixes you will still meet in existing databases). 12 is the cost factor, always written as two digits. The next 22 characters encode the 128-bit salt, and the remaining 31 characters encode the first 184 bits of the 192-bit hash output, both in bcrypt's own base64 alphabet (./A-Za-z0-9, which is not RFC 4648 base64). The salt is embedded in the string itself, so no separate salt column is needed: store the full 60-character string, and verification reads the cost and salt back out of it.
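The field layout above, as an added example that is not part of the page's tool: a standard-library-only parser that validates a bcrypt string and decodes the salt and digest with bcrypt's own base64 alphabet. The sample hash is the one shown above; the field names in the returned dict are this example's choice.

```python
# Added example (not code from the page or its tool): parse and validate a
# bcrypt modular-crypt string using only the standard library.
import re

# bcrypt's base64 alphabet is not RFC 4648: "./" first, then A-Z, a-z, 0-9.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# prefix, two-digit cost, then 22 salt chars + 31 digest chars = 53, total 60.
_HASH_RE = re.compile(r"^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{53})$")


def b64_decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt base64: 6 bits per char, keep the first nbytes bytes;
    trailing bits that do not fill a byte are discarded, as bcrypt does."""
    acc, bits, out = 0, 0, bytearray()
    for ch in text:
        acc = (acc << 6) | BCRYPT_B64.index(ch)
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return bytes(out[:nbytes])


def b64_encode(data: bytes) -> str:
    """Encode bytes the way bcrypt does: no padding, left-over bits become
    one final character whose low bits are zero."""
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 6:
            bits -= 6
            out.append(BCRYPT_B64[(acc >> bits) & 0x3F])
    if bits:  # 2 or 4 bits left over
        out.append(BCRYPT_B64[(acc << (6 - bits)) & 0x3F])
    return "".join(out)


def parse_bcrypt(hash_str: str) -> dict:
    """Split a 60-character bcrypt string into its fields; ValueError if malformed."""
    m = _HASH_RE.match(hash_str)
    if not m:
        raise ValueError("not a bcrypt hash: bad prefix, cost digits, length or alphabet")
    version, cost, body = m.group(1), int(m.group(2)), m.group(3)
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} outside the valid range 4..31")
    salt_text, hash_text = body[:22], body[22:]
    return {
        "version": version,
        "cost": cost,
        "rounds": 2 ** cost,                    # rounds of the expensive key schedule
        "salt": b64_decode(salt_text, 16),      # 22 chars -> 128-bit salt
        "digest": b64_decode(hash_text, 23),    # 31 chars -> first 184 bits of output
        "salt_text": salt_text,
        "hash_text": hash_text,
    }


# The sample hash from the text above.
SAMPLE = "$2b$12$WApznUPhVgGBSn9YhGKZe.vDyJBuSaLzMv7X3aB/m.p.MhNUyHway"

if __name__ == "__main__":
    fields = parse_bcrypt(SAMPLE)
    print(fields["version"], fields["cost"], fields["rounds"], fields["salt"].hex())
    # Re-encoding the decoded salt reproduces the text, which confirms the alphabet.
    print(b64_encode(fields["salt"]) == fields["salt_text"])
```

A parser like this is what you want in front of a migration or audit script: it rejects strings that merely look like bcrypt (wrong prefix, truncated, RFC base64 characters such as `+` or `=`) before they reach `checkpw`, and it lets you report the cost distribution of an existing user table without touching any password.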

Bcrypt vs Argon2 vs scrypt

Algorithm   Year   Memory-hard             GPU resistance
bcrypt      1999   Partial (4 KB state)    Good
scrypt      2009   Yes (configurable)      Very good
Argon2id    2015   Yes (configurable)      Excellent

Argon2 won the 2015 Password Hashing Competition, and the Argon2id variant is the one RFC 9106 recommends. It is superior on paper because its memory cost is configurable, which blunts the GPU and ASIC attacks that bcrypt's fixed 4 KB of cipher state only partly resists. Bcrypt nevertheless remains the most widely deployed and battle-tested choice: it is the default in Rails (has_secure_password), Spring Security, and Laravel, and Django ships a bcrypt hasher as an option alongside its PBKDF2 default.

Browser Implementation Note

True bcrypt is built on the Blowfish cipher's expensive key schedule, which the Web Crypto API does not expose. This tool therefore uses PBKDF2-SHA256 as the underlying KDF to simulate bcrypt's cost behaviour and prints the result in $2b$ format for educational purposes. The output is not a real bcrypt hash: it will not verify against a genuine bcrypt library and must not be stored as one. For production password hashing, use a server-side bcrypt library (e.g., bcrypt.js for Node.js, the bcrypt package or passlib for Python) that implements the full Blowfish-based algorithm.

Frequently Asked Questions

What cost factor should I use?

A common target is roughly 250 ms per hash, measured on your production hardware rather than a developer laptop. Start at cost 12 and benchmark a login: if a hash takes under about 100 ms, increase the cost; if it takes over about 500 ms, decrease it. Each increment doubles the time. Cost 10 is the minimum OWASP currently accepts; cost 12 to 14 is a sensible range for most applications. Keep in mind that the cost is paid on every login attempt, successful or not, so a high cost on an unprotected login endpoint is also a CPU-exhaustion risk; rate-limit logins before pushing the cost higher.
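The benchmark-and-adjust rule above, together with the doubling arithmetic from the "Adaptive Cost" section, as an added example that is not part of the page's tool. The search logic and the attacker-throughput scaling are generic; the `__main__` block assumes the `bcrypt` PyPI package (`pip install bcrypt`) is installed and measures real hashes on whatever machine runs it. The thresholds and the cost-5 benchmark convention are assumptions stated in the comments.

```python
# Added example (not code from the page): choose a bcrypt cost by measuring
# real hashes, and scale a published GPU benchmark to another cost.
import statistics
import time
from typing import Callable


def median_hash_ms(hash_at_cost: Callable[[int], object], cost: int, runs: int = 3) -> float:
    """Median wall-clock milliseconds for one hash at the given cost."""
    samples = []
    for _ in range(runs):
        t0 = time.perf_counter()
        hash_at_cost(cost)
        samples.append((time.perf_counter() - t0) * 1000.0)
    return statistics.median(samples)


def choose_cost(measure_ms: Callable[[int], float], low_ms: float = 100.0,
                high_ms: float = 500.0, start: int = 12, lo: int = 10, hi: int = 31) -> int:
    """Walk the cost up or down from `start` until a hash lands in [low_ms, high_ms].

    Each increment doubles the time, so the walk converges; `lo` is the floor
    we refuse to go below (OWASP's minimum of 10 by default).
    """
    cost = start
    for _ in range(hi - lo + 1):  # bounded so a noisy measurement cannot loop forever
        t = measure_ms(cost)
        if t < low_ms and cost < hi:
            cost += 1
        elif t > high_ms and cost > lo:
            cost -= 1
        else:
            return cost
    return cost


def attacker_rate(rate_at_bench_cost: float, bench_cost: int, cost: int) -> float:
    """Scale a benchmark (hashes/s measured at bench_cost) to another cost:
    each increment halves throughput, each decrement doubles it."""
    return rate_at_bench_cost / 2 ** (cost - bench_cost)


if __name__ == "__main__":
    import bcrypt  # real Blowfish-based implementation; pip install bcrypt

    password = b"correct horse battery staple"

    def hash_once(cost: int) -> bytes:
        return bcrypt.hashpw(password, bcrypt.gensalt(rounds=cost))

    chosen = choose_cost(lambda c: median_hash_ms(hash_once, c))
    print("cost for this machine:", chosen, "->", round(median_hash_ms(hash_once, chosen)), "ms")

    # The text quotes roughly 3,000 guesses/s at cost 12 for one RTX 4090;
    # scaling that figure shows what the chosen cost buys against that attacker.
    print("attacker guesses/s at chosen cost:", attacker_rate(3000.0, 12, chosen))
```

Run the benchmark on the slowest hardware that will serve logins (a container with a CPU quota, not the build box) and re-run it whenever that hardware changes; the cost you store today is read back from each hash, so raising it later only affects new logins until you re-hash on the next successful one.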

Does bcrypt have a maximum password length?

Yes. Bcrypt only uses the first 72 bytes of the password. For UTF-8 input that means 72 ASCII characters, or fewer characters when they take several bytes each, and two passwords that share their first 72 bytes are indistinguishable to bcrypt. If your application allows very long passwords, pre-hash with SHA-256 and encode the digest (base64 or hex) before passing it to bcrypt; do not pass the raw digest, because it may contain a 0x00 byte, and bcrypt implementations written against C strings stop reading there. Dropbox has described a scheme of this shape (a SHA-512 pre-hash in front of bcrypt). On the version prefixes: $2y$ was introduced after a 2011 bug in PHP's crypt_blowfish mishandled bytes with the high bit set (non-ASCII input), and $2b$ (OpenBSD, 2014) fixed a separate bug in which the password length was stored in an 8-bit integer, so passwords longer than 255 bytes wrapped around.
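Both pitfalls above, as an added example that is not part of the page's tool: what bcrypt actually sees of a long password, a search that turns up a short password whose raw SHA-256 digest contains a NUL byte, and the base64-encoded pre-hash that avoids both problems. The `__main__` block assumes the `bcrypt` PyPI package is installed; the sample passwords are constructed for the demonstration.

```python
# Added example (not code from the page): the 72-byte limit, the NUL-byte
# pitfall of a raw digest, and a safe pre-hash that feeds bcrypt.
import base64
import hashlib

BCRYPT_MAX_BYTES = 72


def visible_to_bcrypt(password: str) -> bytes:
    """The bytes bcrypt keys on: UTF-8 encoding, cut at 72 bytes.
    Anything beyond that has no effect on the hash."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def collide_in_bcrypt(a: str, b: str) -> bool:
    """True if bcrypt would accept either password for the other."""
    return visible_to_bcrypt(a) == visible_to_bcrypt(b)


def raw_digest_has_nul(password: str) -> bool:
    """A raw SHA-256 digest is binary and may contain 0x00; C-string bcrypt
    implementations treat that byte as the end of the password."""
    return b"\x00" in hashlib.sha256(password.encode("utf-8")).digest()


def first_nul_digest_password(prefix: str = "user-", limit: int = 1000) -> str:
    """Brute-search short passwords until one has a NUL in its raw digest.
    About 1 in 9 digests contains one, so this returns quickly."""
    for i in range(limit):
        candidate = f"{prefix}{i}"
        if raw_digest_has_nul(candidate):
            return candidate
    raise RuntimeError("no example found within the search limit")


def prehash(password: str) -> bytes:
    """SHA-256 then standard base64: 44 ASCII bytes, never a NUL, always
    under 72, so bcrypt keys on the whole password however long it is."""
    return base64.b64encode(hashlib.sha256(password.encode("utf-8")).digest())


if __name__ == "__main__":
    import bcrypt  # pip install bcrypt

    long_a = "A" * 72 + "x"   # constructed: identical for the first 72 bytes
    long_b = "A" * 72 + "y"
    stored = bcrypt.hashpw(long_a.encode("utf-8"), bcrypt.gensalt(rounds=10))
    print("raw bcrypt accepts the other password:", bcrypt.checkpw(long_b.encode("utf-8"), stored))

    stored = bcrypt.hashpw(prehash(long_a), bcrypt.gensalt(rounds=10))
    print("pre-hashed bcrypt accepts the other password:", bcrypt.checkpw(prehash(long_b), stored))

    weak = first_nul_digest_password()
    print("password with a NUL in its raw SHA-256 digest:", weak)
```

Once a pre-hash is in place it is part of the stored format forever: every existing hash was computed without it, so tag migrated records (a different prefix or a column flag) and verify old records the old way until they are re-hashed on login.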

How do I migrate from MD5/SHA-256 to bcrypt?

There are two standard approaches, and they are often combined. Lazy re-hashing keeps the old MD5 hash in place: on the user's next successful login you verify against the MD5 hash, then hash the raw password with bcrypt, store the new string and flag the record as migrated. Hash wrapping rewrites every stored record as bcrypt(md5_hash) immediately and offline, which needs no password and leaves no raw MD5 in the database; on login you compute the MD5 of the supplied password, verify that through bcrypt, and then replace the wrapped record with a plain bcrypt hash of the password. Wrapping closes the exposure window at once, whereas lazy re-hashing alone leaves MD5 hashes readable until each user logs in. After a migration period, force any users who never logged in to reset their password. Neither approach needs downtime or a mass password reset, but the stored format must distinguish the three states so the login path knows which check to run.
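The login path for all three record states, as an added example that is not part of the page's tool. The record conventions `md5$<hex>` and `bcrypt-md5$<hash>` are this example's own; the slow hash is injected so the module runs offline, with a stdlib PBKDF2 stand-in as the default (the same substitution the browser tool above makes, and equally not real bcrypt), and the `__main__` block shows the real `bcrypt` package wired in instead. The user records are constructed for the demonstration.

```python
# Added example (not code from the page): verify legacy MD5, wrapped and
# native records, and upgrade each on a successful login.
import hashlib
import hmac
import os
from typing import Callable, Dict

PBKDF2_ITERS = 100_000  # stand-in parameter only; bcrypt uses its own cost


def _pbkdf2_hash(pw: bytes) -> str:
    """Offline stand-in for bcrypt.hashpw; NOT bcrypt, replace in production."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERS)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()


def _pbkdf2_verify(pw: bytes, stored: str) -> bool:
    """Offline stand-in for bcrypt.checkpw."""
    _, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", pw, bytes.fromhex(salt_hex), PBKDF2_ITERS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def md5_hex(password: str) -> str:
    """The legacy scheme being migrated away from: unsalted MD5, hex encoded."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class PasswordStore:
    """Record formats (this example's convention):
      md5$<hex>            legacy, not yet touched
      bcrypt-md5$<slow>    legacy MD5 wrapped in the slow hash (no password needed)
      anything else        native slow hash of the password itself
    """

    def __init__(self, slow_hash: Callable[[bytes], str] = _pbkdf2_hash,
                 slow_verify: Callable[[bytes, str], bool] = _pbkdf2_verify):
        self.slow_hash, self.slow_verify = slow_hash, slow_verify
        self.rows: Dict[str, str] = {}

    def wrap_legacy(self) -> int:
        """Offline step: wrap every md5$ record so no raw MD5 remains stored."""
        wrapped = 0
        for user, rec in list(self.rows.items()):
            if rec.startswith("md5$"):
                # The 32-char hex digest is well under bcrypt's 72-byte limit.
                self.rows[user] = "bcrypt-md5$" + self.slow_hash(rec[4:].encode("ascii"))
                wrapped += 1
        return wrapped

    def verify(self, user: str, password: str) -> bool:
        """Check the password against whichever format is stored; on success,
        legacy and wrapped records are replaced by a native hash."""
        rec = self.rows.get(user)
        if rec is None:
            return False
        if rec.startswith("md5$"):            # lazy path: legacy record untouched
            ok = hmac.compare_digest(rec[4:], md5_hex(password))
        elif rec.startswith("bcrypt-md5$"):   # wrapped path
            ok = self.slow_verify(md5_hex(password).encode("ascii"), rec[len("bcrypt-md5$"):])
        else:                                 # native path
            ok = self.slow_verify(password.encode("utf-8"), rec)
        if not ok:
            return False
        if rec.startswith(("md5$", "bcrypt-md5$")):
            self.rows[user] = self.slow_hash(password.encode("utf-8"))  # upgrade
        return True


if __name__ == "__main__":
    import bcrypt  # pip install bcrypt

    store = PasswordStore(
        slow_hash=lambda pw: bcrypt.hashpw(pw, bcrypt.gensalt(rounds=12)).decode("ascii"),
        slow_verify=lambda pw, rec: bcrypt.checkpw(pw, rec.encode("ascii")),
    )
    store.rows["alice"] = "md5$" + md5_hex("hunter2")   # constructed legacy row
    print("wrapped:", store.wrap_legacy(), store.rows["alice"][:18])
    print("login:", store.verify("alice", "hunter2"), store.rows["alice"][:7])
```

Two details matter in practice: a failed login never touches the record, so a wrong guess cannot downgrade or corrupt it, and the wrapped path still exposes the unsalted-MD5 weakness (identical passwords share an inner digest) until the user logs in, which is why a cut-off date with a forced reset belongs in the plan.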