Bcrypt-Hash-Generator
Passwörter mit Bcrypt hashen und Hashes verifizieren
Higher rounds improve resistance to brute-force attacks but increase hashing time. For most web apps, 10 to 12 remains a sensible baseline.
Hash wird hier angezeigt...
Weiter mit
Halte den Workflow mit einem passenden n?chsten Schritt in Bewegung.
Privacy & Trust
Adaptive cost factor
Bcrypt deliberately slows hashing with configurable rounds, which helps it age better as commodity hardware gets faster.
Hash, never encrypt
Passwords should be hashed one-way and verified by comparison. They should not be stored in plaintext or reversible encrypted form.
Keep production checks server-side
This browser tool is useful for testing and education, but real auth flows should hash and verify credentials inside your secure application backend.
Export hash
Generate a hash first to enable export.
Verwandte Tools
Hash-Generator
SHA-1-, SHA-256-, SHA-384-, SHA-512-Hashes generieren
Passwortgenerator
Starke, sichere Zufallspasswörter generieren
JWT-Decoder
JSON Web Tokens dekodieren und inspizieren
HMAC-Generator
HMAC-Signaturen mit SHA-256, SHA-384 oder SHA-512 generieren
Token- / Geheimnis-Generator
Zufällige Token, API-Schlüssel und Geheimnisse in verschiedenen Formaten generieren
JSON-Formatter
JSON-Daten formatieren, komprimieren und validieren
Anleitung
Text eingeben oder einfügen
Geben Sie Ihren Text, Code oder Ihre Daten in das Eingabefeld ein.
Optionen auswählen
Wählen Sie die gewünschte Umwandlung oder das Format aus.
Ergebnis kopieren
Kopieren Sie die Ausgabe mit einem Klick in Ihre Zwischenablage.
Warum dieses Werkzeug nutzen
100 % Kostenlos
Keine versteckten Kosten, keine Premium-Stufen — jede Funktion ist kostenlos.
Keine Installation
Läuft vollständig in Ihrem Browser. Keine Software zum Herunterladen oder Installieren.
Privat & Sicher
Ihre Daten verlassen niemals Ihr Gerät. Nichts wird auf einen Server hochgeladen.
Funktioniert auf Mobilgeräten
Vollständig responsiv — nutzbar auf Smartphone, Tablet oder Desktop.
Bcrypt Password Hashing: Secure Storage Best Practices
Key Takeaways
- Bcrypt is a password hashing function designed to be deliberately slow, making brute-force attacks computationally expensive.
- The cost factor (work factor) controls how many iterations bcrypt performs — increasing it doubles the computation time with each increment.
- All bcrypt hashing runs in your browser — your passwords are never transmitted to any server.
Storing passwords as plain text or simple hashes is a critical security failure. Bcrypt was specifically designed for password hashing, incorporating a built-in salt and an adjustable cost factor that makes it resistant to brute-force and rainbow table attacks. It remains one of the most recommended password hashing algorithms alongside Argon2 and scrypt.
A bcrypt hash with cost factor 12 takes approximately 250ms to compute — making brute-force attacks against millions of passwords impractical.
Computational Cost
Key Concepts
Built-in Salt
Bcrypt automatically generates and embeds a 128-bit random salt in each hash. This means identical passwords produce different hashes, defeating rainbow table attacks entirely.
Cost Factor (Work Factor)
The cost factor determines the number of iterations (2^cost). A cost of 10 means 1,024 rounds. Each increment doubles computation time. Current recommendation is 10–12 for web applications.
Hash Format
Bcrypt hashes follow the format $2b$cost$salt+hash — the algorithm version ($2b$), cost factor, 22-character salt, and 31-character hash are all encoded in the 60-character output string.
Bcrypt vs. Other Algorithms
Bcrypt is CPU-hard but not memory-hard. Argon2 (the Password Hashing Competition winner) adds memory hardness. Scrypt adds both memory and CPU hardness. For most web applications, bcrypt remains a solid choice.
Pro Tips
Use a cost factor of at least 10 (ideally 12) — benchmark on your hardware and choose a cost that takes 200–500ms per hash.
Bcrypt truncates passwords at 72 bytes — for longer passwords, pre-hash with SHA-256 before passing to bcrypt.
Never implement your own bcrypt — use well-tested libraries like bcryptjs (JavaScript) or bcrypt (Python, Ruby, Go).
Increase the cost factor periodically as hardware gets faster — rehash passwords on next login when upgrading.
All bcrypt hash generation is performed entirely in your browser. Your passwords are never transmitted to any server. Note: browser-based bcrypt is slower than native implementations — this tool is intended for testing and education.