Bcrypt Hash Calculator

All hashing runs in your browser. Data is never sent to any server.

1. How to Use

  1. Enter your password in the input box.
  2. Select salt rounds (10 recommended; higher = slower but more secure).
  3. Click 'Generate Bcrypt Hash' to create the bcrypt password hash.
  4. Use the Verify section to test if a password matches a bcrypt hash.
  5. Copy the hash (includes salt and parameters) for storage.

2. How It Works

Bcrypt is based on the Blowfish block cipher. It uses an expensive key setup (EksBlowfish) that depends on the password and salt. The number of key-setup iterations is 2^rounds (e.g., rounds = 10 → 1024 iterations).

Algorithm: (1) Generate salt (128 bits). (2) State = EksBlowfishSetup(password, salt, cost). (3) Repeat 64 times: state = ExpensiveKeySchedule(state, password, salt). (4) Encrypt 'OrpheanBeholderScryDoubt' 64 times using state; output = $2a$rounds$salt$hash.

EksBlowfish: the Blowfish key schedule, modified so that the P-array and S-boxes are derived from the password and salt via repeated encryptions. Each increment of the rounds value doubles the work.

Output format: $2a$10$[22-char salt][31-char hash]. Rounds 4–31 supported; this tool offers 4–14 for browser performance.
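A parser for the output format above, as an added example (not this tool's own code): it splits a stored hash into version, cost, salt and digest, decodes bcrypt's base64 variant, and flags hashes whose cost is below a policy minimum. The function names, the constructed sample hash and the minimum of 12 are assumptions; it also accepts the $2b$, $2x$ and $2y$ prefixes that other bcrypt libraries emit.

```javascript
// Added example: parse "$2a$10$[22-char salt][31-char hash]" and check its cost.
// bcrypt uses its own base64 alphabet (not RFC 4648 order) and no padding.
const B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Decode bcrypt-base64 text into bytes, MSB first; leftover bits are dropped.
function bcryptB64Decode(text) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of text) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid bcrypt base64 character");
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1;
    }
  }
  return Uint8Array.from(out);
}

// Split a hash string into its fields; throws on anything malformed.
function parseBcrypt(hash) {
  const m = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(hash);
  if (!m) throw new Error("not a bcrypt hash string");
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error("cost outside 4-31");
  return {
    version: m[1],
    cost,
    iterations: 2 ** cost,          // 10 -> 1024
    salt: bcryptB64Decode(m[3]),    // 22 chars -> 16 bytes (128 bits)
    digest: bcryptB64Decode(m[4]),  // 31 chars -> 23 bytes
  };
}

// True when a stored hash was made with fewer rounds than the current policy,
// so it should be re-hashed the next time the user logs in successfully.
function needsRehash(hash, minCost) {
  return parseBcrypt(hash).cost < minCost;
}

// Constructed sample: valid shape, but not the bcrypt digest of any password.
const SAMPLE = "$2a$10$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
const info = parseBcrypt(SAMPLE);
console.log(info.version, info.cost, info.iterations, info.salt.length, needsRehash(SAMPLE, 12));
```

Because the cost is read from the stored string itself, a login path can call `needsRehash` after a successful verify and upgrade old hashes without a separate migration.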

3. About Bcrypt

Bcrypt is a password hashing function designed by Niels Provos and David Mazières. It is deliberately slow to resist brute-force attacks.

This bcrypt hash calculator generates bcrypt hashes with configurable salt rounds. The hash includes all parameters—no separate salt storage needed for verification.

All hashing runs in your browser; passwords never leave your device.

4. Advantages

  • Adaptive cost: Increase rounds as hardware improves.
  • Built-in salt: Salt is embedded in the hash output.
  • Widely supported: Libraries in every major language.
  • Proven: Used since 1999; well-studied.

5. Real-World Use Cases

  • Password storage: Hash user passwords before storing in databases.
  • Application authentication: Django, Rails, and many frameworks use bcrypt.
  • Verification: Test if a password matches a stored bcrypt hash.
  • Security auditing: Verify password policy compliance.