Bcrypt Hash Generator
Generate and verify bcrypt hashes for secure password storage. Use adaptive cost factors for hashing that holds up against brute-force attacks.
Generate a Hash
Generate a bcrypt hash from your text. Higher rounds offer better security but take longer to process.
Verify a Hash
Check whether a bcrypt hash matches the original text.
About Bcrypt Hashing
What is Bcrypt?
Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It incorporates a salt to protect against rainbow table attacks and is adaptive, meaning it can be made slower as computational power increases.
How It Works
Bcrypt uses a technique called key stretching, making the hashing process deliberately slow. This makes it computationally expensive for attackers to crack passwords through brute force attacks.
Cost Factor (Rounds)
The cost factor determines how slow the hash function will be. Each increment doubles the computation time. A cost of 12 is currently recommended for most applications, providing a good balance between security and performance.
Security Benefits
- Adaptive function - cost can be increased as hardware improves
- Built-in salt generation prevents rainbow table attacks
- Deliberately slow to prevent brute force attacks
- Battle-tested and widely adopted in the industry
Usage Examples
PHP Example
// Generate hash
$password = "mySecretPassword";
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
// Verify password
if (password_verify($password, $hash)) {
    echo "Password is valid!";
}
Node.js Example
const bcrypt = require('bcrypt');
const saltRounds = 12;

// await is only valid inside an async function in a CommonJS module
async function main() {
  // Generate hash (a random salt is generated and embedded in the result)
  const hash = await bcrypt.hash('mySecretPassword', saltRounds);
  // Verify password
  const isValid = await bcrypt.compare('mySecretPassword', hash);
  console.log(isValid ? 'Password is valid!' : 'Invalid password');
}

main();
Security Best Practices
Rounds Selection
- Use at least 12 rounds for production systems
- Test performance on your hardware before deploying
- Consider increasing rounds as hardware improves
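The two points above, that each cost increment doubles the work and that rounds should be raised as hardware improves, can be turned into a small maintenance routine. The following is an added example written for this page, not code from the tool: it parses the modular-crypt string that bcrypt produces, flags stored hashes whose cost is below the current policy so they can be recomputed at the user's next successful login, and derives a cost from a timing measurement. The hash strings, the target cost and the timing numbers are all constructed for illustration; the function names are the example's own.

```javascript
// Added example, not the tool's own code: inspect the modular-crypt strings
// bcrypt produces, flag stored hashes whose cost factor is below the current
// policy, and pick a cost from a timing measurement. The hashes below are
// constructed for illustration and do not correspond to any real password.

// $<version>$<2-digit cost>$<22-char salt><31-char digest>, bcrypt base64 alphabet
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Parse a bcrypt hash string; returns null when it is not a well-formed bcrypt hash.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (m === null) return null;
  const cost = Number.parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// True when a stored hash should be recomputed at the next successful login.
// Unparseable records are flagged too, so corrupted or legacy rows are not kept silently.
function needsRehash(hash, targetCost) {
  const parsed = parseBcryptHash(hash);
  return parsed === null || parsed.cost < targetCost;
}

// Work multiplier between two cost factors: each increment doubles the work.
function relativeWork(fromCost, toCost) {
  return 2 ** (toCost - fromCost);
}

// Given a measured hashing time at one cost, return the highest cost whose
// estimated time stays within budgetMs (doubling per increment, clamped to 4..31).
function chooseCost(baselineCost, baselineMs, budgetMs) {
  let cost = baselineCost;
  let ms = baselineMs;
  while (ms * 2 <= budgetMs && cost < 31) { ms *= 2; cost += 1; }
  while (ms > budgetMs && cost > 4) { ms /= 2; cost -= 1; }
  return cost;
}

// Audit a list of stored hashes and return the ones that are below policy.
function auditHashes(hashes, targetCost) {
  return hashes.filter((h) => needsRehash(h, targetCost));
}

// Constructed sample records: valid bcrypt layout, but not real password hashes.
const SAMPLE_HASHES = [
  '$2b$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234',
  '$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234',
  'legacy-record-not-bcrypt',
];

const TARGET_COST = 12; // assumed policy value for this example
console.log('needs rehash:', auditHashes(SAMPLE_HASHES, TARGET_COST));
console.log('cost 10 -> 12 is', relativeWork(10, 12), 'x the work');
console.log('cost for a 250 ms budget, given 60 ms at cost 10:', chooseCost(10, 60, 250));
```

The rehash decision is made per record rather than in a batch job because bcrypt cannot be upgraded without the plaintext; the upgrade happens when the user next authenticates successfully, which is the moment the password is available to hash again.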
General Security
- Never store plain text passwords
- Always use bcrypt for password hashing
- Implement proper rate limiting for authentication
- Use additional security measures like 2FA