Hash passwords with bcrypt and verify existing hashes — entirely in your browser.
Bcrypt is an adaptive password-hashing algorithm designed by Niels Provos and David Mazières in 1999. Unlike MD5 or SHA, bcrypt is intentionally slow — the cost factor controls the number of iterations (2cost), making brute-force attacks exponentially harder as hardware improves.
Cost 10 is the minimum recommended. Cost 12 is a safe default for most applications in 2026. Cost 14+ is for high-security contexts and will be noticeably slow (several seconds). Never store passwords in plaintext — always use a slow hash like bcrypt, Argon2, or scrypt.
This tool runs entirely in your browser using the bcryptjs library. Your password is never sent to any server.