Bcrypt Generator / Checker

Documentation

What is bcrypt?

bcrypt is a secure password hashing function created by Niels Provos and David Mazières in 1999. It is based on the Blowfish cipher and uses a salt to prevent rainbow table attacks. The number of salt rounds in bcrypt can be increased over time to protect bcrypt-hashed passwords from brute-force attacks by more powerful computers in the future.

This is an outstanding feature of bcrypt compared to other password hashing functions. In other words, bcrypt can remain secure and strong even as computers become more powerful, provided the salt rounds are raised accordingly.

Below is an example of the phrase "Let's use bcrypt" hashed using bcrypt.

$2a$10$T4ImbDRHK0L/W8o4LfRp8ObdAw.Wtp1kos8pBIG6nlPCUo1ml8jHi

Why you should use bcrypt to hash passwords

Although bcrypt takes longer to hash a password than other hashing functions, the slower hashing process is a benefit: it results in a more secure hash, because every guess in a brute-force attack costs the attacker the same extra time.


How to hash a password using bcrypt in Node.js

You can easily hash passwords in Node.js using the JavaScript bcrypt library from npm. If you're using an older version of Node.js, please make sure that the version of bcrypt you install is compatible with it. You can check the compatibility from the bcrypt page on npm.

npm install bcrypt

Once you have installed bcrypt, import it into your script. There are two ways to hash passwords using bcrypt, shown in the following examples. Both methods produce an equivalent bcrypt hash, so use whichever you prefer. Note that the examples below use the asynchronous API, which the bcrypt library recommends.

const bcrypt = require('bcrypt');

const password = 'hX78DbD3uoP2QFCjr1fG';
const saltRounds = 10;

First method - Generates a salt and a hash separately.

bcrypt.genSalt(saltRounds, (err, salt) => {
  if (err) throw err;
  bcrypt.hash(password, salt, (err, hash) => {
    if (err) throw err;
    // Do something with the hashed password;
    // e.g. save it to a database.
  });
});

Second method - Automatically generates a salt and a hash together.

bcrypt.hash(password, saltRounds, (err, hash) => {
  if (err) throw err;
  // Do something with the hashed password;
  // e.g. save it to a database.
});

The hashed password will look like the following. It cannot be decrypted back to the original password, but an input password can be verified against it to check whether it matches the original one.

$2a$10$jdT.1tkS9TZgTb3ak.2UmOnWKB1gXNRyBHrcUr4wgzXDIHhjEZz9e

How to verify a password using bcrypt in Node.js

You can verify if a password matches a bcrypt hash in Node.js using the compare method from the bcrypt library. A boolean result will be returned when the verification process is done.

const bcrypt = require('bcrypt');

const inputPassword = 'hX78DbD3uoP2QFCjr1fG';
const hashedPassword = '$2a$10$jdT.1tkS9TZgTb3ak.2UmOnWKB1gXNRyBHrcUr4wgzXDIHhjEZz9e';

async function verifyPassword(password, hash) {
  // Checks whether the input password matches the hash
  // using the bcrypt compare method,
  // and returns a boolean result accordingly.
  return await bcrypt.compare(password, hash);
}

// CommonJS scripts do not allow top-level await,
// so the call runs inside an async function.
(async () => {
  const matched = await verifyPassword(inputPassword, hashedPassword);

  console.log(matched); // true
})();

You can use the returned boolean result to proceed to the next step; e.g. reject the user from logging in if the input password didn't match the hashed one stored in a database or let them in otherwise.
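Because salt rounds are meant to be raised over time, a login handler also needs to know which cost a stored hash was created with. The following is an added example, not code from the original page or from the bcrypt library: it parses the bcrypt string format with plain Node.js and flags hashes that should be re-hashed after a successful compare. The function names and the target cost of 12 are assumptions chosen for illustration.

```javascript
// Added example: inspect a stored bcrypt hash without any npm dependency.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null if the string is not a well-formed hash.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(String(hash));
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// True when a well-formed hash was created with fewer rounds than the current
// policy. Call it only after compare() succeeded, then hash the plaintext
// again with the new cost and store the result. Malformed hashes return false
// here and should be treated as a failed verification by the caller.
function needsRehash(hash, targetCost) {
  const parsed = parseBcryptHash(hash);
  return parsed !== null && parsed.cost < targetCost;
}

// Each +1 in cost doubles the work, so the ratio between two costs is 2^diff.
function workFactorRatio(fromCost, toCost) {
  return 2 ** (toCost - fromCost);
}

// bcrypt only uses the first 72 bytes of its input; longer passwords are
// silently truncated, so reject or handle them before hashing.
function exceedsBcryptInputLimit(password) {
  return Buffer.byteLength(password, 'utf8') > 72;
}

// Sample input: the hash shown earlier on this page.
const storedHash = '$2a$10$jdT.1tkS9TZgTb3ak.2UmOnWKB1gXNRyBHrcUr4wgzXDIHhjEZz9e';
const TARGET_COST = 12; // assumed policy value

console.log(parseBcryptHash(storedHash));
console.log('needs rehash:', needsRehash(storedHash, TARGET_COST));
console.log('work increase:', workFactorRatio(10, TARGET_COST) + 'x');
```
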
