Bcrypt generator and checker

Bcrypt is an adaptive password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It is specifically designed to protect passwords and includes a "salt" to protect against rainbow table attacks.

To create a hash, enter the text in the top form and select the number of rounds (cost). To verify, enter the text and the hash in the bottom form — the tool will instantly let you know if the text matches the given hash.

• Salt Rounds: determines the computational complexity. The recommended value is 10.
• Security: all calculations take place locally in your browser.

• Text "password" (rounds 10): $2y$10$92IXAU6mg7STW3aGWituOuZGUp867uXdhRWMWnL.n7HbrMmTvWmW2 (example)
• Verification: bcrypt automatically extracts the salt from the hash, so you don't need to enter it separately for comparison.

Bcrypt generation is a resource-intensive operation by design. A high number of rounds (e.g., >15) can lead to a noticeable delay in your browser. We use asynchronous calls so as not to block the interface.

• Why is the hash different every time? Bcrypt uses a random salt for each hashing operation. This is normal and makes the algorithm secure.
• Can bcrypt be decoded? No, it is a one-way function. A password can only be recovered by brute force.
• What is $2y$? It is an algorithm identifier in PHP and other systems, indicating the correct processing of 8-bit characters.