BCrypt Generator

BCrypt is the right answer when someone asks how to store passwords. Unlike MD5 or SHA, BCrypt is intentionally slow — it's designed to require significant computation to produce a hash, which means that even if an attacker gets hold of your hashed password database, cracking individual passwords takes far longer than it would with a fast hash function.

The slowness is controlled by a "cost factor" or "work factor" — a number that determines how many iterations of the hashing algorithm run before producing output. BCrypt Generator lets you set this factor, typically between 10 and 14 for most applications. Cost factor 10 means 2^10 = 1024 iterations. Cost factor 12 means 4096. Each increment of the cost factor doubles the computation time. As hardware gets faster, increasing the cost factor keeps BCrypt appropriately difficult to brute-force.

BCrypt also incorporates a salt automatically. A salt is random data added to the input before hashing, ensuring that two users with the same password end up with completely different hash values. This prevents rainbow table attacks, where attackers precompute hashes for common passwords and look them up rather than computing them individually.

The output format includes the algorithm version, cost factor, and the salt embedded directly in the hash string — making BCrypt hashes self-contained and portable. Most modern authentication libraries and frameworks support BCrypt natively. This tool is useful for generating test hashes, verifying that a plaintext password matches a stored hash during debugging, and understanding how the cost factor affects output format and computation time.