Bcrypt Hash & Verify Online — Cost 4–14
Hash a password with bcrypt (cost 4–14) or verify a hash in your browser. Warns when input exceeds the 72-byte bcrypt limit. Not production auth scaffolding.
Developer notes
• Modes: hash (password + cost → $2…) or verify (password + hash → match / no-match). • Cost outside 4–14 is rejected (no silent clamp). • bcrypt truncates passwords after 72 UTF-8 bytes — UI warns when exceeded. • Uses bcryptjs via dynamic import. • Not Argon2/scrypt; not a production auth skeleton.
Options
When teams pick this route
• Generate fixture hashes for local tests. • Spot-check a stored bcrypt hash against a candidate password. • Learn cost factors without spinning up a backend.
Worked examples
Hash a password
Before
After
Verify
Before
After
Related tools
Generate random passwords with password-generator. For keyed message auth (not passwords) use hmac-generator. Hub: security tools.
Bcrypt FAQ
Hash & verify
Is bcrypt “unbreakable”?
No. Bcrypt is a slow password hash with a work factor — not a guarantee. Use your app’s recommended hasher and policies.
Why warn at 72 bytes?
bcrypt silently truncates after 72 UTF-8 bytes. Longer passwords still run, but only the first 72 bytes matter.
Is this production authentication?
No. This is a local helper for fixtures and debugging — not an auth product or secure login system.
More security tools in this cluster
Looking for converters, encoders, formatters, and minifiers in one place? Developer tools hub Open the curated developer tools catalogue.