CyberChef
Bookmarks

Bcrypt

Generate secure password hashes with bcrypt, a cryptographic hashing algorithm. Safely hash passwords, compare hashes, and analyze bcrypt hash components. Built on the Blowfish cipher for enhanced security and protection against brute-force attacks.

Hash
Compare
Parse
Generated hash will appear here...

Frequently Asked Questions

What is Bcrypt?

Bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It's specifically designed for password hashing, incorporating a salt to protect against rainbow table attacks, and is deliberately slow to compute to resist brute-force attacks.

What is a salt count/rounds?

The salt count (or rounds) in bcrypt determines how many iterations the hashing algorithm performs. A higher salt count makes the hash generation slower and more secure against brute-force attacks. Each increment of the salt count doubles the time required to compute a hash. The recommended value is typically 10-12 for most applications.

How do I use this tool?

This tool has three main functions available as tabs:

Hash Tab:

  1. Enter the text string (e.g., a password) you want to hash
  2. Adjust the salt rounds (higher = more secure but slower)
  3. Click "Generate Hash" to create a bcrypt hash
  4. Use "Copy hash" to copy the result to your clipboard

Compare Tab:

  1. Enter the original text string (e.g., a password)
  2. Paste a previously generated bcrypt hash
  3. Click "Check match" to verify if they match
  4. The result will show whether the password matches the hash

Parse Tab:

  1. Paste a bcrypt hash into the textarea
  2. The tool will automatically analyze and break down the hash into its components:
    • Format Version: The bcrypt algorithm version (usually "2a", "2b", or "2y")
    • Cost (Rounds): The computational work factor
    • Salt: The random salt used in the hash generation
    • Hash: The actual hashed output
Why is Bcrypt good for password storage?

Bcrypt is ideal for password storage for several reasons:

  • It automatically generates and incorporates a random salt
  • It is computationally intensive by design (with configurable work factor)
  • The algorithm can be made slower over time as computing power increases
  • It's resistant to rainbow table attacks
  • It produces consistent, reliable output across platforms
How secure is my data when using this tool?

All processing with this tool happens locally in your browser. Your passwords or data are never sent to any server, and no data is stored. The entire hashing and comparison process occurs on your device, ensuring your sensitive information remains private and secure.