Generate bcrypt hashes with adjustable cost factor and verify passwords against existing hashes — all in your browser using bcryptjs.
Bcrypt is an adaptive password hashing function based on the Blowfish cipher. The cost factor controls how many iterations are run (2cost), letting you trade speed for resistance to brute-force attacks. A bcrypt hash always starts with a version prefix ($2a$, $2b$, or $2y$), followed by the cost, then a 22-character base64 salt, then a 31-character base64 digest — for a total of 60 characters.
| Cost | Iterations | Typical use |
|---|---|---|
| 4 | 16 | Tests only |
| 8 | 256 | Old defaults |
| 10 | 1,024 | Common default |
| 12 | 4,096 | Stronger production |
| 14 | 16,384 | High-security |