Bcrypt password hash generator
Bcrypt is built for storing passwords: slow on purpose, and automatically salted so two identical passwords never produce the same hash.
Why bcrypt instead of a plain hash
A plain SHA hash of a password can be brute-forced fast on modern hardware. Bcrypt is deliberately slow — the cost factor controls exactly how slow — and salts automatically, so the same password never produces the same stored hash twice. That's why it's still a standard choice for storing passwords server-side.
What cost factor should I use?
10–12 is a common default in 2026 — high enough to resist brute-forcing, low enough not to slow down real logins noticeably. Higher costs are more secure but slower to compute on every login.
Can I use this to hash a document or long text?
No — bcrypt truncates input beyond about 72 bytes and is designed specifically for passwords. For general-purpose hashing of text or files, use the SHA hash generator instead.
Is my password sent anywhere?
No — hashing runs entirely in your browser with JavaScript. Nothing is uploaded.
