Monu Tools

Bcrypt Generator & Checker

Hash a password with bcrypt and verify a password against a bcrypt hash, entirely in your browser.

How to use the Bcrypt

  1. 01

    Choose Hash to create a hash, or Verify to check one.

  2. 02

    Enter a password, and a hash when verifying.

  3. 03

    Read the bcrypt hash or the match result.

Hash and verify passwords

A bcrypt tool that hashes a password at a cost you choose, and verifies a password against an existing bcrypt hash. Everything runs locally in your browser, so passwords stay on your device.

Why bcrypt for passwords

Bcrypt is an adaptive password-hashing function designed specifically for storing passwords. Unlike a fast hash such as SHA-256, it is deliberately slow and includes a built-in salt, which is exactly what you want when defending stored passwords.

The cost factor

The cost factor (the rounds) sets how much work each hash takes. Every extra round doubles the computation, so raising the cost makes large-scale brute-force and GPU attacks far slower, while a single login stays fast enough. A value of 10 to 12 is a common choice.

Salt and verification

Bcrypt mixes a random salt into every hash, so the same password produces a different hash each time. That defeats precomputed rainbow tables, and verification still works because the salt is stored inside the hash itself.

To check a password, the verify mode reads the salt and cost out of the stored hash, hashes the candidate the same way, and compares, which is why you only need the hash and the password, not the original salt.

Security note

Hashing and verifying run entirely in your browser, so nothing is uploaded. Even so, avoid pasting real production passwords on a shared computer.

Frequently asked questions

What are rounds?

The cost factor: each extra round doubles the work needed to compute the hash, making brute-force attacks slower. 10 to 12 is a common choice.

Why is the same password's hash different each time?

Bcrypt includes a random salt in every hash, so the output differs even for the same password. Verification still works because the salt is stored inside the hash.

Is this safe to use?

Hashing runs entirely in your browser, so passwords are not uploaded. Still, avoid pasting real production passwords on shared computers.

What cost factor should I choose?

10 to 12 suits most applications. Higher is more resistant to brute force but slower for every login, so balance security against the delay users will accept.

Is bcrypt better than SHA-256 for passwords?

Yes. SHA-256 is fast, which helps attackers guess passwords quickly. Bcrypt is deliberately slow and salted, which is what password storage needs.

Sources

Embed this tool

Add this tool to your own website. Copy the snippet below; it stays up to date automatically.

<iframe src="https://monu.tools/embed/en/bcrypt-generator" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

Learn more

Related tools