Bcrypt Hash Generator

VariantCost factor

Bcrypt hash fixtures are generated locally in your browser with the Web Crypto API. The salt and hash body are random — no password is hashed — so the value is fictional and cannot be verified against any plaintext.

Recognizable, clearly-fake bcrypt hashes

Produces the canonical 60-character $2<variant>$<cost>$<salt><hash> shape developers recognize as a password_hash column — perfect for seeding a users table, mock API payloads, and migration or parser tests. The 53-character body (22-char salt plus 31-char hash) draws from the bcrypt Base64 alphabet ./A-Za-z0-9, which is not standard Base64.

This is a format fixture only — it does not run the Blowfish key-setup, so the value will never verify against any plaintext password.

When to use this tool

Reach for a bcrypt fixture when database seeds, auth tests, or documentation need a realistic-looking password hash without exposing a real credential. The $2a$/$2b$/$2y$ prefixes and 10–14 cost factors mirror the shapes developers see in production users tables, so examples read as authentic while staying obviously fictional.

How the randomness works

The 53-character salt-and-hash body draws every character from the 64-character bcrypt Base64 alphabet using crypto.getRandomValues with rejection sampling, so each position is uniformly distributed with no modulo bias. Generation runs entirely in your browser and nothing is sent over the network.

Related tools

API Key JWT TOTP Secret Password