Skip to content
DevKit Labs

Bcrypt & Argon2 Hash Generator and Verifier

Hash passwords with bcrypt or Argon2id and verify them against a hash — entirely in your browser.

Hashing runs entirely in your browser via WebAssembly — nothing is uploaded.

About Bcrypt & Argon2 Hash Generator and Verifier

Generate and verify password hashes with the two algorithms recommended for password storage: bcrypt and Argon2id. Enter a password, pick your work factor, and get a self-contained hash string (the salt and parameters are embedded, so you store just that one string). Switch to Verify mode to check whether a password matches an existing bcrypt or Argon2 hash.

Both algorithms are deliberately slow and salted to resist brute-force and rainbow-table attacks. bcrypt's cost factor doubles the work per increment (10 ≈ 1024 rounds); Argon2id adds tunable memory-hardness (memory size and iterations) that makes GPU/ASIC cracking far more expensive. Argon2id won the Password Hashing Competition and is the modern first choice; bcrypt remains a solid, ubiquitous option.

Everything runs in your browser via WebAssembly — passwords and hashes are never uploaded. Use it to generate test fixtures, verify a login hash, or compare cost settings. For production, hash on your server and pick a cost that takes roughly 250–500 ms on your hardware.

bcrypt hash

Input
password: correct-horse, cost: 10
Output
$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy

The $2a$10$ prefix encodes the algorithm and cost; the rest is salt + hash.

Frequently asked questions

Is my password sent anywhere?

No. Hashing and verification run entirely in your browser using a WebAssembly build — nothing is uploaded or stored.

Should I use bcrypt or Argon2?

Argon2id is the current recommendation (memory-hard, tunable) and won the Password Hashing Competition. bcrypt is older but still secure and extremely widely supported. Either is fine; pick what your framework supports.

What cost factor or memory should I use?

Choose settings that take roughly 250–500 ms on your server hardware. For bcrypt that's often cost 10–12; for Argon2id, ~64 MiB memory with a few iterations. Higher is safer but slower.

Do I need to store the salt separately?

No. Both bcrypt and Argon2 encode the salt and parameters inside the hash string, so you store and compare just that single value.

Why does the same password give a different hash each time?

Each hash uses a fresh random salt, so outputs differ — that's intended. Verification still works because the salt is embedded in the hash.

Related tools

References