Bcrypt Generator & Verifier
What is Bcrypt?
Bcrypt is a password hashing algorithm designed by Niels Provos and David Mazières in 1999, based on the Blowfish cipher. It was created specifically to replace fast algorithms like MD5 and SHA-1 for password storage, introducing the concept of key stretching or adaptability: the ability to increase computational difficulty as hardware improves.
Unlike traditional cryptographic hashes (SHA-256, SHA-3), bcrypt is not optimized for speed. Quite the opposite: it is designed to be slow and computationally expensive. This makes GPU and ASIC brute force attacks economically unfeasible, since for each password attempt the attacker must execute thousands of Blowfish iterations.
Bcrypt is the most widely used password hashing algorithm in the world. It is built into frameworks like Laravel, Django, Ruby on Rails, Node.js (bcrypt), Spring Security, and most modern database managers. Linux also supports it in /etc/shadow via $2b$.
Comparison: Bcrypt vs SHA-256 vs MD5 vs Argon2
Not all hash algorithms are suitable for password protection. This table shows why bcrypt and Argon2 outperform SHA-256 and MD5:
| Feature | Bcrypt | SHA-256 | MD5 | Argon2id |
|---|---|---|---|---|
| Purpose | Password hashing | General purpose hash | Obsolete / checksums | Password hashing |
| Built-in salt | ✅ | ❌ | ❌ | ✅ |
| Adaptive cost | ✅ | ❌ | ❌ | ✅ |
| Relative speed | Slow (~10/s) | Very fast (~5B/s) | Very fast (~20B/s) | Configurable |
| GPU resistant | High | Very low | Very low | Very high |
| Input limit | 72 bytes | Unlimited | Unlimited | Unlimited |
| Hash length | 60 caracteres | 64 caracteres | 32 caracteres | Variable |
| Framework standard | Yes (Laravel, Django, Rails, Node.js) | Not for passwords | Deprecated | Emerging (OWASP recommends) |
How does Bcrypt work internally?
Bcrypt combines three key elements that make it secure for passwords:
- Random salt: Each time you generate a hash, bcrypt creates a unique 16-byte (128-bit) salt using a cryptographically secure random number generator. This salt is stored inside the hash itself, meaning identical passwords produce completely different hashes. This eliminates rainbow table attacks.
- Key expansion: Bcrypt converts the password and salt into a 184-bit key using Blowfish's key expansion algorithm (EKS Blowfish), performing 64 initial Blowfish encryption iterations to securely mix the bits.
- Iterative cost factor: The process repeats 2^rounds times. At 10 rounds, that's 1,024 complete Blowfish iterations. Each iteration feeds its result into the next, creating sequential dependency that cannot be efficiently parallelized on GPUs or ASICs.
💡 Key insight: Bcrypt's sequential nature is what makes it resistant to specialized hardware. While MD5 can run on ASICs at 20 billion hashes/second, a bcrypt ASIC at 12 rounds barely reaches ~100,000 hashes/second. That's a 5 order of magnitude difference.
Bcrypt Use Cases
- Password storage in databases: The most common use. On user registration, store the bcrypt hash. On login, compare the entered password against the hash. Never store the original password.
- Linux authentication: Password hashes in
/etc/shadowcan use$2b$(bcrypt) instead of the default$6$(SHA-512), providing better protection against offline attacks. - Secure API tokens: Long-lived tokens can be stored as bcrypt hashes instead of plaintext, so if the database is breached, tokens cannot be reused.
- Application secrets protection: Encryption keys, wallet seed phrases, and other sensitive secrets can be protected with high-round bcrypt (14+) for maximum security.
Best practices for using Bcrypt in production
- Use 10-12 rounds minimum. For new projects, aim for 12 rounds. Measure response time on your server — if it exceeds 500ms, reduce to 11 or 10.
- Don't silently truncate long passwords. Bcrypt has a 72-byte limit. If a user enters a 100-character password, only the first 72 are hashed. Warn the user or use a pre-hash SHA-256 (with collision risk awareness).
- Use $2b$ instead of $2a$. The $2b$ version fixes a $2a$ bug related to non-ASCII character handling and is the current standard in most modern implementations.
- Combine bcrypt with a pepper. Add a static server-side secret (pepper) to the password before hashing. This provides protection even if the database is leaked but the server is not compromised.
- Plan migration to Argon2id. Although bcrypt remains secure in 2026, Argon2id won the PHC (Password Hashing Competition) and offers better ASIC resistance. Consider migrating in new projects.
Related Tools
X.509 Certificate Extractor
Extract information from SSL/TLS certificates in PEM format
Kubernetes TLS Secret Generator
Generate a Kubernetes TLS Secret YAML manifest from PEM certificate and key.
Hash Generator
Calculate SHA-256, SHA-512 and MD5 hashes for large files
DER / PEM Converter
Bidirectional conversion between binary DER and PEM (Base64) format.