BCrypt Hash Generator

BCrypt hash generator

Generate BCrypt password hashes using PHP's password_hash(), or verify a password against an existing hash. Choose your cost factor.

Work factor: 12

Higher cost = more secure but slower. Cost 10-12 recommended for production. Cost 12 takes ~300ms.

What is BCrypt?

Adaptive hashing

BCrypt is designed to be slow. The cost factor lets you increase work required as hardware gets faster, keeping brute-force attacks expensive over time.

PHP usage

password_hash()

PHP's built-in password_hash() handles salting automatically. Never roll your own implementation — always use password_hash() and password_verify().

Cost factor

Choosing cost

Cost 10 = ~100ms, Cost 12 = ~300ms, Cost 14 = ~1.2s. Choose the highest cost where login stays under 1 second on your server.

Security note

Never use MD5/SHA1

MD5 and SHA1 are designed to be fast — terrible for passwords. Always use BCrypt, Argon2, or scrypt for password hashing.

Related tools

Password Strength Checker
Check entropy and crack time before hashing
Hash Calculator
MD5, SHA1, SHA256 for non-password use cases
PHP Error Explainer
Debug errors from your authentication code
Building secure PHP authentication?

Password hashing, session security, JWT, and OAuth — covered in our PHP developer ebooks and courses.

Browse ebooks → View courses →