What is Bcrypt?
Bcrypt is a password-hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It is currently one of the most secure ways to store passwords in a database because it is "slow" by design—making it extremely resistant to brute-force and rainbow table attacks.
Encryption vs. Hashing
It is a common mistake to call Bcrypt "encryption." In reality, Bcrypt is a one-way hash.
- Encryption is two-way: you can scramble data and then unscramble it with a key.
- Hashing is one-way: you turn a password into a hash, and you can never "decrypt" it back to the original password. To verify a user, you hash their login attempt and see if it matches the stored hash.
Understanding Salt Rounds (Cost Factor)
The "Rounds" setting in our generator controls the "Cost" of the hash. Each increase in the round count doubles the amount of time it takes to compute the hash. This "work factor" is what slows down hackers. For modern 2025 hardware, a round count of 10 to 12 is generally recommended for production applications.
Why use our generator?
Most online Bcrypt generators send your plain-text password to their server to compute the hash. This is a massive security risk. Our tool uses the bcryptjs library to perform all calculations locally in your browser's memory. Your password never leaves your device.