Free2Box

Bcrypt Hash Generator

Hash passwords with bcrypt and verify hashes

Password
Enter a password to generate a bcrypt hash

Higher rounds = more secure but slower. 10-12 is recommended.

Bcrypt Hash
The hash will appear here...

About Bcrypt

Bcrypt is a password-hashing function based on the Blowfish cipher. It incorporates a salt to protect against rainbow table attacks and uses an adaptive cost factor to remain resistant to brute-force attacks as hardware improves.

How to Use

1

Paste or Type Text

Enter text, code, or data in the input area.

2

Select Options

Choose the transformation or format to apply.

3

Copy the Result

Copy the output to the clipboard with a single click.

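Why Use This Tool

100% Free

No hidden costs and no premium tiers: every feature is free.

No Installation Required

Runs entirely in your browser. There is no software to download or install.

Private & Secure

Your data never leaves your device. Nothing is uploaded to any server.

Mobile Friendly

Fully responsive: works on smartphones, tablets, and desktops.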

Bcrypt Password Hashing: Secure Storage Best Practices

Key Takeaways

  • Bcrypt is a password hashing function designed to be deliberately slow, making brute-force attacks computationally expensive.
  • The cost factor (work factor) controls how many iterations bcrypt performs — increasing it doubles the computation time with each increment.
  • All bcrypt hashing runs in your browser — your passwords are never transmitted to any server.

Storing passwords as plain text or simple hashes is a critical security failure. Bcrypt was specifically designed for password hashing, incorporating a built-in salt and an adjustable cost factor that makes it resistant to brute-force and rainbow table attacks. It remains one of the most recommended password hashing algorithms alongside Argon2 and scrypt.

A bcrypt hash with cost factor 12 takes approximately 250ms to compute — making brute-force attacks against millions of passwords impractical.

Computational Cost

Key Concepts

1

Built-in Salt

Bcrypt automatically generates and embeds a 128-bit random salt in each hash. This means identical passwords produce different hashes, defeating rainbow table attacks entirely.

2

Cost Factor (Work Factor)

The cost factor determines the number of iterations (2^cost). A cost of 10 means 1,024 rounds. Each increment doubles computation time. Current recommendation is 10–12 for web applications.

3

Hash Format

Bcrypt hashes follow the format $2b$cost$salt+hash — the algorithm version ($2b$), cost factor, 22-character salt, and 31-character hash are all encoded in the 60-character output string.

4

Bcrypt vs. Other Algorithms

Bcrypt is CPU-hard but not memory-hard. Argon2 (the Password Hashing Competition winner) adds memory hardness. Scrypt adds both memory and CPU hardness. For most web applications, bcrypt remains a solid choice.

Pro Tips

Use a cost factor of at least 10 (ideally 12) — benchmark on your hardware and choose a cost that takes 200–500ms per hash.

Bcrypt truncates passwords at 72 bytes — for longer passwords, pre-hash with SHA-256 before passing to bcrypt.

Never implement your own bcrypt — use well-tested libraries like bcryptjs (JavaScript) or bcrypt (Python, Ruby, Go).

Increase the cost factor periodically as hardware gets faster — rehash passwords on next login when upgrading.
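The hash layout, the 72-byte limit, and the rehash-on-login tip above can all be checked without computing bcrypt. The following is an added example, not code from this tool or from bcryptjs; the function names are hypothetical and the sample hash strings are constructed to match the 60-character layout, not real digests.

```javascript
// Added example: inspects bcrypt hash strings; it does not compute bcrypt.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Split a bcrypt string into its fields; returns null if the layout is wrong.
function parseBcryptHash(hash) {
  const m = typeof hash === "string" ? BCRYPT_RE.exec(hash) : null;
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt accepts costs 4 through 31
  return { version: m[1], cost, iterations: 2 ** cost, salt: m[3], digest: m[4] };
}

// True when a stored hash should be replaced after the next successful login.
// Unrecognised formats (for example legacy hashes) are flagged as well.
function needsRehash(storedHash, targetCost) {
  const parsed = parseBcryptHash(storedHash);
  return parsed === null || parsed.cost < targetCost;
}

// The 72-byte limit counts UTF-8 bytes, not characters.
function passwordByteLength(password) {
  return new TextEncoder().encode(password).length;
}

function exceedsBcryptLimit(password) {
  return passwordByteLength(password) > 72;
}

// Constructed sample values (hypothetical, not real bcrypt output).
const SAMPLE_COST_10 = "$2b$10$" + "A".repeat(22) + "B".repeat(31);
const SAMPLE_COST_12 = "$2b$12$" + "C".repeat(22) + "D".repeat(31);

console.log(parseBcryptHash(SAMPLE_COST_10));
console.log(needsRehash(SAMPLE_COST_10, 12), needsRehash(SAMPLE_COST_12, 12));
console.log(exceedsBcryptLimit("가".repeat(25))); // 25 characters, 3 bytes each
```

When `exceedsBcryptLimit` returns true and you pre-hash with SHA-256 as suggested above, pass the digest to bcrypt in an encoded form such as base64 (44 characters), since raw digest bytes can contain a NUL byte that some bcrypt implementations treat as the end of the input.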

All bcrypt hash generation is performed entirely in your browser. Your passwords are never transmitted to any server. Note: browser-based bcrypt is slower than native implementations — this tool is intended for testing and education.

Frequently Asked Questions