Validate bcrypt password hashes and compare them with plain text passwords to verify authentication logic.

Bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. This tool helps you understand bcrypt hash structure, validate existing hashes, and test password verification.

Features

• Hash Analysis: Automatically extracts algorithm version, cost factor, and salt from bcrypt hashes
• Password Comparison: Securely compare plain text passwords against bcrypt hashes
• Password Statistics: View character length and byte length of passwords
• Real-time Validation: Instant feedback on hash format and comparison results
• Browser-based: All validation happens locally in your browser, no data is sent outside!

How to Use

1. Enter a Bcrypt Hash: Paste a bcrypt hash (starts with $2a$, $2b$, or $2y$)
2. View Hash Information: See the algorithm version, cost factor (rounds), and salt
3. Enter a Password: Type the plain text password to compare
4. View Password Stats: See character and byte length of the password
5. Compare: The tool automatically compares the password with the hash and shows if they match

Bcrypt Hash Format

A bcrypt hash has the following structure:

$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
│  │  │                      │
│  │  │                      └─ Hash (31 chars)
│  │  └─ Salt (22 chars)
│  └─ Cost factor (work factor)
└─ Algorithm identifier ($2a$, $2b$, or $2y$)

• $2a$: Original bcrypt algorithm
• $2b$: Fixed version addressing a bug in the original implementation
• $2y$: PHP-specific bcrypt identifier
• Cost Factor: Number of rounds (2^cost iterations), typically 10-12

Security Note

This tool is designed for testing and development purposes. Never expose real user password hashes or passwords in production environments. Always use secure password hashing in your applications.