Bcrypt Hash Generator

A simple tool to generate and verify bcrypt hashes. All processing happens in your browser for security.

Generate Hash

Generate a bcrypt hash from your text. Higher rounds provide better security but take longer to process.
Input: maximum 1000 characters
Rounds: 4 (fast) to 15 (highly secure)
Higher rounds increase security but take longer to compute. 12 rounds is recommended for most applications.

Verify Hash

Check if a bcrypt hash matches the original text.

About Bcrypt Hashing

What is Bcrypt?

Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It incorporates a salt to protect against rainbow table attacks and is adaptive, meaning it can be made slower as computational power increases.

How It Works

Bcrypt uses a technique called key stretching, making the hashing process deliberately slow. This makes it computationally expensive for attackers to crack passwords through brute force attacks.

Cost Factor (Rounds)

The cost factor determines how slow the hash function will be. Each increment doubles the computation time. A cost of 12 is currently recommended for most applications, providing a good balance between security and performance.

Security Benefits
  • Adaptive function - cost can be increased as hardware improves
  • Built-in salt generation prevents rainbow table attacks
  • Deliberately slow, which makes brute force attacks costly
  • Battle-tested and widely adopted in the industry

Usage Examples

PHP Example
// Generate hash
$password = "mySecretPassword";
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// Verify password
if (password_verify($password, $hash)) {
    echo "Password is valid!";
}
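
Node.js Example
// Generate hash
const bcrypt = require('bcrypt');
const saltRounds = 12;

// await is only valid inside an async function in CommonJS modules
async function main() {
    const hash = await bcrypt.hash('mySecretPassword', saltRounds);

    // Verify password
    const isValid = await bcrypt.compare('mySecretPassword', hash);
    console.log(isValid); // true
}

main();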

Security Best Practices

Rounds Selection
  • Use at least 12 rounds for production systems
  • Test performance on your hardware before deploying
  • Consider increasing rounds as hardware improves

General Security
  • Never store plain text passwords
  • Always use bcrypt for password hashing
  • Implement proper rate limiting for authentication
  • Use additional security measures like 2FA
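
Raising the rounds over time only helps if hashes stored under an older, lower cost get upgraded. The following is an added example, not code from the original page or from any bcrypt library: it reads the cost out of a stored hash string (standard layout: version, two-digit cost, 22-character salt, 31-character digest) and decides whether to re-hash after the next successful login. The function names are hypothetical and the sample hashes are constructed placeholders, not digests of real passwords.

```javascript
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Constructed sample values with the right shape (not real password digests).
const SALT = 'abcdefghijklmnopqrstuv';             // 22 characters
const DIGEST = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ01234';  // 31 characters
const SAMPLE_OLD = '$2b$10$' + SALT + DIGEST;      // stored years ago at cost 10
const SAMPLE_NEW = '$2b$12$' + SALT + DIGEST;      // stored at today's cost 12

// Split a stored hash into its fields, or return null if it is malformed.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;                     // truncated, other scheme, or corrupted
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null;  // outside the range bcrypt defines
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Each cost increment doubles the work, so the ratio is a power of two.
function relativeWork(fromCost, toCost) {
  return 2 ** (toCost - fromCost);
}

// Call right after a successful verify, while the plain text is still
// available, and store a fresh hash at targetCost when this returns true.
function needsRehash(storedHash, targetCost) {
  const parsed = parseBcryptHash(storedHash);
  if (!parsed) throw new TypeError('stored value is not a bcrypt hash');
  return parsed.cost < targetCost;
}

const TARGET_COST = 12;
for (const stored of [SAMPLE_OLD, SAMPLE_NEW]) {
  const { cost } = parseBcryptHash(stored);
  console.log(
    `cost ${cost}: rehash=${needsRehash(stored, TARGET_COST)}, ` +
    `target is ${relativeWork(cost, TARGET_COST)}x the work`
  );
}
```

Rejecting malformed values instead of guessing a cost keeps a truncated or non-bcrypt column entry from being silently treated as an acceptable hash.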