Back to tools

Bcrypt Generator & Verifier

What is Bcrypt?

Bcrypt is a password hashing algorithm designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. It was created specifically to replace fast algorithms like MD5 and SHA-1 for password storage, introducing the concept of key stretching or adaptability: the ability to increase computational difficulty as hardware improves.

Unlike traditional cryptographic hashes (SHA-256, SHA-3), bcrypt is not optimized for speed. Quite the opposite: it is designed to be slow and computationally expensive. This makes GPU and ASIC brute force attacks economically unfeasible, since for each password attempt the attacker must execute thousands of Blowfish iterations.

Bcrypt is the most widely used password hashing algorithm in the world. It is built into frameworks like Laravel, Django, Ruby on Rails, Node.js (bcrypt), Spring Security, and most modern database managers. Linux also supports it in /etc/shadow via $2b$.

Comparison: Bcrypt vs SHA-256 vs MD5 vs Argon2

Not all hash algorithms are suitable for password protection. This table shows why bcrypt and Argon2 outperform SHA-256 and MD5:

Feature Bcrypt SHA-256 MD5 Argon2id
Purpose Password hashing General purpose hash Obsolete / checksums Password hashing
Built-in salt
Adaptive cost
Relative speed Slow (~10/s) Very fast (~5B/s) Very fast (~20B/s) Configurable
GPU resistant High Very low Very low Very high
Input limit 72 bytes Unlimited Unlimited Unlimited
Hash length 60 caracteres 64 caracteres 32 caracteres Variable
Framework standard Yes (Laravel, Django, Rails, Node.js) Not for passwords Deprecated Emerging (OWASP recommends)

How does Bcrypt work internally?

Bcrypt combines three key elements that make it secure for passwords:

  1. Random salt: Each time you generate a hash, bcrypt creates a unique 16-byte (128-bit) salt using a cryptographically secure random number generator. This salt is stored inside the hash itself, meaning identical passwords produce completely different hashes. This eliminates rainbow table attacks.
  2. Key expansion: Bcrypt converts the password and salt into a 184-bit key using Blowfish's key expansion algorithm (EKS Blowfish), performing 64 initial Blowfish encryption iterations to securely mix the bits.
  3. Iterative cost factor: The process repeats 2^rounds times. At 10 rounds, that's 1,024 complete Blowfish iterations. Each iteration feeds its result into the next, creating sequential dependency that cannot be efficiently parallelized on GPUs or ASICs.

💡 Key insight: Bcrypt's sequential nature is what makes it resistant to specialized hardware. While MD5 can run on ASICs at 20 billion hashes/second, a bcrypt ASIC at 12 rounds barely reaches ~100,000 hashes/second. That's a 5 order of magnitude difference.

Bcrypt Use Cases

  • Password storage in databases: The most common use. On user registration, store the bcrypt hash. On login, compare the entered password against the hash. Never store the original password.
  • Linux authentication: Password hashes in /etc/shadow can use $2b$ (bcrypt) instead of the default $6$ (SHA-512), providing better protection against offline attacks.
  • Secure API tokens: Long-lived tokens can be stored as bcrypt hashes instead of plaintext, so if the database is breached, tokens cannot be reused.
  • Application secrets protection: Encryption keys, wallet seed phrases, and other sensitive secrets can be protected with high-round bcrypt (14+) for maximum security.

Best practices for using Bcrypt in production

  1. Use 10-12 rounds minimum. For new projects, aim for 12 rounds. Measure response time on your server — if it exceeds 500ms, reduce to 11 or 10.
  2. Don't silently truncate long passwords. Bcrypt has a 72-byte limit. If a user enters a 100-character password, only the first 72 are hashed. Warn the user or use a pre-hash SHA-256 (with collision risk awareness).
  3. Use $2b$ instead of $2a$. The $2b$ version fixes a $2a$ bug related to non-ASCII character handling and is the current standard in most modern implementations.
  4. Combine bcrypt with a pepper. Add a static server-side secret (pepper) to the password before hashing. This provides protection even if the database is leaked but the server is not compromised.
  5. Plan migration to Argon2id. Although bcrypt remains secure in 2026, Argon2id won the PHC (Password Hashing Competition) and offers better ASIC resistance. Consider migrating in new projects.