Bcrypt Hash Verifier

Check if a password matches a bcrypt hash. Supports $2b$, $2a$, and $2y$ hashes.

Processed in your browser — no data sent to servers

How bcrypt verification works

Bcrypt verification does not decrypt the hash. Instead, it extracts the embedded salt from the stored hash, re-hashes the provided password using that salt and the same cost factor, then compares the two results.

This means that even with access to the hash, an attacker cannot reverse it to recover the original password. They would have to guess candidate passwords and hash each one, which bcrypt's cost factor makes extremely slow.
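The verification flow described above, as an added example that is not this tool's own code. The bcrypt computation itself is delegated to `hashFn`, a hypothetical caller-supplied function assumed to return the full 60-character hash string. `SAMPLE_HASH` is a constructed value, not the hash of any real password.

```javascript
// bcrypt uses its own base64 alphabet; the ordering differs from RFC 4648.
const B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Constructed sample for experimenting with the parser (not a real password hash).
const SAMPLE_HASH = "$2b$12$" + "A".padEnd(22, ".") + ".".repeat(31);

// Split "$2b$12$<22-char salt><31-char digest>" into its fields.
function parseBcryptHash(stored) {
  const m = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(stored);
  if (!m) throw new Error("not a $2a$/$2b$/$2y$ bcrypt hash");
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error("cost factor out of range (4-31)");
  // The cost is a log2 work factor: cost 12 means 2^12 = 4096 key-setup rounds.
  return { version: m[1], cost, rounds: 2 ** cost, salt: m[3], digest: m[4] };
}

// Decode the 22-character salt field into its 16 raw bytes.
function decodeSalt(saltB64) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of saltB64) {
    acc = ((acc << 6) | B64.indexOf(ch)) & 0xffff; // keep only the bits still needed
    bits += 6;
    if (bits >= 8) { bits -= 8; out.push((acc >> bits) & 0xff); }
  }
  return Uint8Array.from(out); // 22 * 6 = 132 bits: 16 bytes, 4 padding bits dropped
}

// Compare without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false; // length is public: always 60 characters
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Verify = parse the stored hash, re-hash the candidate with the SAME version,
// cost and salt, then compare. Nothing is ever decrypted.
// hashFn(password, {version, cost, salt}) is an assumed bcrypt implementation.
function verifyBcrypt(password, stored, hashFn) {
  const { version, cost, salt } = parseBcryptHash(stored);
  const recomputed = hashFn(password, { version, cost, salt });
  return constantTimeEqual(recomputed, stored);
}
```
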
