Bcrypt Generator
Generate secure Bcrypt password hashes locally. Features benchmark testing, hash verification, and visual breakdown of hash components.
Higher = More Secure but Slower. Recommended: 10-12.
This test runs hashing cycles on your specific device to determine latency.
| Cost | Time (ms) | Rating |
|---|---|---|
| Ready to start... | ||
About
Security relies on defense in depth, and password storage is a critical layer. This tool generates Bcrypt hashes entirely within your browser using JavaScript, ensuring plain-text credentials never traverse a network. Developers often underestimate the impact of the Work Factor (Cost) on server performance. A cost that is too high renders a system vulnerable to Denial of Service (DoS) attacks, while a cost that is too low exposes it to brute-force offline cracking.
The standard Bcrypt algorithm implements key stretching to resist hardware-accelerated attacks. Unlike fast hashing functions like MD5 or SHA-256, Bcrypt remains computationally expensive by design. The Salt Rounds parameter determines the logarithmic iteration count, meaning an increment of 1 doubles the required processing time. This tool provides real-time benchmarking to calibrate this setting for your specific hardware context.
Formulas
A Bcrypt hash string encodes the algorithm, cost, salt, and hash into a single modular crypt format (MCF) string.
Where the structure is defined as:
Reference Data
| Cost Factor (N) | Iterations (2N) | Est. Time (Modern CPU) | Use Case Context |
|---|---|---|---|
| 8 | 256 | ~10 ms | Legacy / IoT Devices |
| 10 | 1,024 | ~50 ms | Default Web Standard |
| 12 | 4,096 | ~250 ms | High Security Auth |
| 14 | 16,384 | ~1,000 ms | Admin/Root Access |
| 15 | 32,768 | ~2-3 s | Paranoid / Cold Storage |