Bcrypt Hash Generator

Generate a bcrypt password hash, or verify whether a plaintext matches a bcrypt hash.


What Is Bcrypt?

Bcrypt is a password hashing algorithm designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. Unlike fast hash functions such as MD5 or SHA-256, bcrypt is intentionally slow and includes an adjustable cost factor (also called work factor or rounds) that controls how computationally expensive each hash operation is. A random salt is generated and embedded in every bcrypt hash, preventing precomputed rainbow table attacks. Together, the cost factor and salt make bcrypt one of the most widely recommended algorithms for storing passwords securely in web applications.

How to Use the Bcrypt Hash Generator

  1. Select the Hash tab to generate a bcrypt hash from a plaintext password.
  2. Enter the password in the input field and choose a cost factor (10 is the recommended default).
  3. Click Generate Hash. The bcrypt hash appears in the output panel.
  4. To verify a password, switch to the Verify tab, paste the plaintext and the bcrypt hash, then click Verify.

Features

  • Generate bcrypt hashes with selectable cost factor: 8, 10, 12, or 14
  • Verify whether a plaintext password matches a bcrypt hash
  • Each hash includes a unique random salt — no two hashes are identical
  • Copy generated hash to clipboard in one click
  • Powered by bcryptjs — runs entirely in your browser, zero server uploads
  • Supports the standard $2b$ bcrypt hash format

FAQ

What is bcrypt?

Bcrypt is a password hashing algorithm designed by Niels Provos and David Mazières in 1999. It incorporates a salt to protect against rainbow table attacks and an adjustable cost factor that controls how computationally expensive hashing is, making it resistant to brute-force attacks as hardware improves.

What cost factor (rounds) should I use?

OWASP recommends a minimum cost factor of 10 for most applications. Cost factor 12 provides stronger protection and is suitable for modern hardware. Each increment doubles the computation time: factor 10 takes ~100ms, factor 12 takes ~400ms, factor 14 takes ~1.6s per hash on a typical CPU.

Why is my bcrypt hash different every time?

Bcrypt generates a random salt for each hash. Even if you hash the same password twice, the resulting hashes will be different. The salt is embedded in the hash string itself, so the verify function can extract it and confirm the password correctly.
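The layout behind this answer, as an added example (not code from this tool or from bcryptjs): a standard 60-character bcrypt string is `$version$cost$` followed by a 22-character salt and a 31-character digest, which is why verification needs nothing but the stored string and the candidate password. The function names and the sample hash are constructed for illustration.

```javascript
// Added example: split a bcrypt string into its fields. All names are hypothetical.
// bcrypt encodes salt and digest with its own base64 alphabet, not RFC 4648.
const B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const HASH_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(hash) {
  const m = HASH_RE.exec(hash);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // cost range bcrypt accepts
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// 22 salt characters carry 132 bits; the first 128 are the 16 salt bytes.
function decodeSalt(salt) {
  const out = [];
  let bits = 0, nbits = 0;
  for (const ch of salt) {
    bits = (bits << 6) | B64.indexOf(ch);
    nbits += 6;
    if (nbits >= 8) {
      nbits -= 8;
      out.push((bits >> nbits) & 0xff);
      bits &= (1 << nbits) - 1;
    }
  }
  return out;
}

// After a successful login, a hash below the current policy should be regenerated.
function needsRehash(hash, minCost) {
  const parsed = parseBcryptHash(hash);
  return parsed === null || parsed.cost < minCost;
}

// Constructed sample: valid layout only, not the hash of any real password.
const SAMPLE = "$2b$10$" + "abcdefghijklmnopqrstuu" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
const fields = parseBcryptHash(SAMPLE);
console.log(fields, decodeSalt(fields.salt).length, needsRehash(SAMPLE, 12));
```

Because the cost is stored per hash, a site can raise its cost factor over time and upgrade each account's hash at that user's next successful login.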

Is my password sent to a server?

No. All hashing and verification happens entirely in your browser using the bcryptjs library. No data is transmitted to any server.