Bcrypt Password Hashing

Generate secure password hashes using Bcrypt, a password-hashing function designed for security.

Generate Bcrypt Hash

Create a secure hash from a password

Higher values are more secure but slower. 12 is a good balance.
Bcrypt Hash:

Verify Password

Check if a password matches a Bcrypt hash

About Bcrypt

Bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It is specifically designed for password hashing, incorporating a salt to protect against rainbow table attacks and adaptive cost to remain resistant to brute-force attacks as computing power increases.

Key Features of Bcrypt:
  • Salt: Bcrypt automatically generates and incorporates a random salt, making each hash unique even for identical passwords.
  • Adaptive Cost: The work factor (cost) can be adjusted to make the hashing process slower, which helps defend against brute-force attacks.
  • Future-Proof: As computers get faster, the cost factor can be increased to maintain security.
  • All-in-One: The salt and cost factor are stored as part of the hash, making verification straightforward.
Bcrypt Hash Format:

A Bcrypt hash typically looks like this:

$2b$12$LJ3m5ZlpLMqKVN8a49jnXe9orx9HnKrSJ0zF0d4qXJQGYQTEXqOXu

This format contains:

  • $2b$ - The hash algorithm identifier (2b for Bcrypt)
  • 12$ - The cost factor (12 rounds in this example)
  • LJ3m5ZlpLMqKVN8a49jnXe - The 22-character salt (base64 encoded)
  • 9orx9HnKrSJ0zF0d4qXJQGYQTEXqOXu - The 31-character hash (base64 encoded)
Recommended Cost Factors:
Cost Factor Iterations (2^cost) Typical Use Case
10 1,024 Minimum recommended for production
12 4,096 Recommended for most applications
14 16,384 High-security applications
Security Best Practice: Bcrypt is one of the recommended algorithms for secure password storage, along with Argon2, scrypt, and PBKDF2. Always use a specialized password hashing function rather than general-purpose hash functions like SHA-256 for password storage.