Bcrypt.tools - Bcrypt Hash Generator and Verifier Tool

Easily generate and verify bcrypt hashes for your passwords and sensitive data online.

Encrypt

Generate a secure bcrypt hash from any plaintext for enhanced password protection.

Verify

Verify if a plaintext matches a specific bcrypt hash, ensuring secure login validation.

FAQ - Frequently Asked Questions

Why Bcrypt?

Bcrypt is a password-hashing function designed to build a cryptographic hash of your data, turning plain text into a secure string that protects against hacking. This tool helps you easily generate and verify bcrypt hashes for your passwords and sensitive information, enhancing your data's security.

Utilizing a salt to prevent rainbow table attacks and employing a work factor to adjust the difficulty of hash calculations, bcrypt offers a robust solution for securing user credentials and other sensitive data.

Insights on Hashing Rounds

Key considerations about computational cost: When hashing your data, the algorithm performs multiple iterations, or "rounds," to produce a secure hash. The number you input does not directly correspond to the iterations, but rather, the algorithm executes 2^rounds hashing iterations based on this value.

As per @garthk, on a 2GHz core, you can approximately expect:

rounds=8: ~40 hashes/sec

rounds=9: ~20 hashes/sec

rounds=10: ~10 hashes/sec

rounds=11: ~5 hashes/sec

rounds=12: 2-3 hashes/sec

rounds=13: ~1 hash/sec

rounds=14: ~1.5 hash/sec

rounds=15: ~3 hashes/sec

rounds=25: ~1 hour/hash

rounds=31: 2-3 days/hash

Hash Details

The final hash consists of characters from this set:
./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789$
Each generated hash will have a length of 60 characters, embedding the salt and additional parameters in the format:

$[algorithm]$[cost]$[salt][hash]

  • The prefix, like "$2a$" or "$2b$", denotes BCrypt.
  • The cost factor (n) indicates the number of iterations, 2^n.
  • A 16-byte (128-bit) salt, converted to 22 characters when base64 encoded.
  • A 24-byte (192-bit) hash, resulting in 31 characters once base64 encoded.

Example Explained: Consider the BCrypt hash $2b$10$nOUIs5kJ7naTuTFkBy1veuK0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa. This hash is structured as follows:

  • Hash-algorithm identifier: $2b$ (denotes BCrypt)
  • Cost-factor: 10 (equivalent to 2^10 iterations)
  • Salt: nOUIs5kJ7naTuTFkBy1veu
  • Hash-value: K0kSxUFXfuaOKdOKf9xYT0KKIGSJwFa

What is Password Hashing?

Password hashing is a security technique used to transform a password into a fixed-size string of characters, which is designed to be impossible to reverse. It helps protect the password's original text while verifying user credentials without storing the actual password.

What is Password Hashing Competition?

The Password Hashing Competition (PHC) was a project aimed at identifying new, secure, and efficient password hashing schemes to improve password storage security. It encouraged the development and review of hashing algorithms to withstand advances in hacking techniques.

Relevant Links