Bcrypt Hash & Verify Online — Cost 4–14

Hash a password with bcrypt (cost 4–14) or verify a hash in your browser. Warns when input exceeds the 72-byte bcrypt limit. Not production auth scaffolding.

Loading…
Bcrypt hash & verify — browser-local
Hash a password with bcrypt or verify a modular crypt hash. Cost 4–14. Not unbreakable and not production auth.

Developer notes

• Modes: hash (password + cost → $2…) or verify (password + hash → match / no-match). • Cost outside 4–14 is rejected (no silent clamp). • bcrypt truncates passwords after 72 UTF-8 bytes — UI warns when exceeded. • Uses bcryptjs via dynamic import. • Not Argon2/scrypt; not a production auth skeleton.

Options

Mode
hash produces a bcrypt modular crypt string; verify compares password to a hash.
Cost
Integer 4–14 (default 10). Values outside the range are rejected — never clamped.

When teams pick this route

• Generate fixture hashes for local tests. • Spot-check a stored bcrypt hash against a candidate password. • Learn cost factors without spinning up a backend.

Worked examples

Hash a password

Before

correct-horse-battery-staple-fixture-password

After

$2a$10$… (modular crypt bcrypt hash)

Verify

Before

password + $2a$10$…

After

Match or No match

Related tools

Generate random passwords with password-generator. For keyed message auth (not passwords) use hmac-generator. Hub: security tools.

Bcrypt FAQ

Hash & verify

Is bcrypt “unbreakable”?

No. Bcrypt is a slow password hash with a work factor — not a guarantee. Use your app’s recommended hasher and policies.

Why warn at 72 bytes?

bcrypt silently truncates after 72 UTF-8 bytes. Longer passwords still run, but only the first 72 bytes matter.

Is this production authentication?

No. This is a local helper for fixtures and debugging — not an auth product or secure login system.

More security tools in this cluster

Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.