What is Bcrypt?
Bcrypt is a password-hashing function designed in 1999 by Niels Provos and David Mazières, based on the Blowfish cipher. Unlike fast cryptographic hashes like SHA-256, bcrypt is deliberately slow and includes a built-in salt and a tunable work factor. The work factor (also called cost) controls how many rounds of key setup run during each hash operation. Increasing the cost by one doubles the compute time, which lets bcrypt stay resistant to brute-force attacks as hardware gets faster. Bcrypt is still one of the recommended password-hashing algorithms alongside Argon2 and scrypt.
How to Use This Tool
In Generate mode, type a password and pick a cost factor, then click Generate. The tool produces a single bcrypt hash string of the form $2a$10$... that embeds the algorithm version, cost, random salt and digest. In Verify mode, paste an existing hash and a candidate password, and the tool tells you whether the password matches. Everything runs in your browser with bcryptjs, so no passwords are ever sent over the network.
Choosing a Cost Factor
The cost factor is a power-of-two exponent for the internal round count. A cost of 10 means 2^10 = 1024 rounds, which targets roughly 100ms of CPU on a typical server in 2026. The OWASP guideline is to use a cost that forces at least 250ms to 500ms per hash on your production hardware, so 10 to 12 is the modern sweet spot. Do not set cost below 8 in production and do not go above 14 unless you have measured latency under load.
Bcrypt Hash Format
A bcrypt hash looks like $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy. The parts are: $2a$ is the algorithm version (2a, 2b or 2y), 10 is the cost factor, the next 22 characters are a base64-encoded salt, and the remaining 31 characters are the digest. Because the salt and cost are embedded, you only need to store the single hash string in your database.
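The layout described above can be checked mechanically before a hash is stored or compared. The following JavaScript is an added example, not code from this tool or from bcryptjs; parseBcryptHash and needsRehash are hypothetical names, and the 4 to 31 cost range is the range bcrypt implementations accept. It goes slightly beyond the text by also flagging stored hashes whose cost is below a target, so they can be re-hashed at the next successful login.

```javascript
// Added example: split a bcrypt hash string into its fields and validate it.
// bcrypt uses its own base64 alphabet (./A-Za-z0-9), with no '+' and no '=' padding.
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Sample value: the example hash shown on this page.
const SAMPLE = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';

// Hypothetical helper: returns the parsed fields, or { valid: false, reason }.
function parseBcryptHash(hash) {
  if (typeof hash !== 'string' || hash.length !== 60) {
    return { valid: false, reason: 'expected a 60-character string' };
  }
  const m = BCRYPT_RE.exec(hash);
  if (!m) {
    return { valid: false, reason: 'not in $version$cost$salt+digest form' };
  }
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) {
    return { valid: false, reason: 'cost ' + cost + ' is outside 4..31' };
  }
  return {
    valid: true,
    version: m[1],      // 2a, 2b or 2y
    cost: cost,         // exponent
    rounds: 2 ** cost,  // cost 10 -> 1024
    salt: m[3],         // 22 characters
    digest: m[4],       // 31 characters
  };
}

// Hypothetical policy check: true when the stored hash was created with a
// lower cost than the current target and should be replaced at next login.
function needsRehash(hash, targetCost) {
  const parsed = parseBcryptHash(hash);
  if (!parsed.valid) {
    throw new Error('malformed bcrypt hash: ' + parsed.reason);
  }
  return parsed.cost < targetCost;
}
```

A malformed or truncated value is rejected by needsRehash with an error rather than being treated as a low-cost hash, which keeps corrupted database rows from silently entering the login path.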
Frequently Asked Questions
Why does bcrypt truncate passwords at 72 bytes?
Bcrypt was originally designed to work on 72-byte input and most implementations (including bcryptjs) silently truncate longer inputs. For very long passwords, pre-hash with SHA-256 and feed the digest to bcrypt. OWASP recommends this as the canonical workaround.
Can I use the same hash on different servers?
Yes. The bcrypt hash format is portable. A hash produced in Node.js with bcryptjs verifies correctly with Python passlib, Ruby bcrypt, PHP password_verify and others, as long as the $2a$ or $2b$ prefix is compatible. Do not modify the hash string before storing.
Is bcrypt still the right choice in 2026?
Bcrypt, Argon2id and scrypt are all acceptable. OWASP recommends Argon2id for new projects and keeps bcrypt on the accepted list for compatibility with existing systems. If your framework already uses bcrypt, stay with it and increase the cost factor over time. See our password hashing guide for a deeper comparison.