Password Hasher
Hash and verify passwords with bcrypt, Argon2, PBKDF2, and scrypt
Password hashing converts passwords into fixed-length strings that cannot be reversed. Modern algorithms are designed to be slow, and some (Argon2, scrypt) are also memory-intensive, to resist brute-force attacks.
bcrypt
Industry standard since 1999. Adaptive cost factor. Widely supported.
Argon2
Winner of the 2015 Password Hashing Competition. Memory-hard. Most secure.
PBKDF2
NIST recommended. Uses HMAC internally. Good compatibility.
scrypt
Memory-hard algorithm. Designed to make attacks on custom hardware expensive.
Note: This tool uses browser-compatible approximations. For production use, use server-side implementations with native libraries (e.g., bcrypt for Node.js, passlib for Python).
Features
- Hash passwords with bcrypt, Argon2, PBKDF2, scrypt
- Verify passwords against existing hashes
- Configure cost factors and parameters
- Auto-detect hash format for verification
- Copy generated hashes with one click
- View hashing time for performance tuning
Frequently Asked Questions
Which algorithm should I use?
Argon2id is the most secure and recommended for new applications. bcrypt is widely supported and battle-tested. PBKDF2 is NIST recommended and has good compatibility. scrypt is memory-hard and resistant to hardware attacks.
What cost factor should I use for bcrypt?
A cost factor of 10-12 is recommended for most applications. Higher values are more secure but slower. The hash should take 100-500ms to compute on your server.
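An added example, not this tool's code: calibrating a work factor against a time target on the server, as the answer above describes. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt (doubling the iterations plays the role of adding 1 to a bcrypt cost factor); the storage format and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, os, time

ALGO = "pbkdf2_sha256"  # label used in the constructed record format below

def hash_password(password: str, iterations: int) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_b64>$<hash_b64>' with a fresh salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"{ALGO}${iterations}${b64(salt)}${b64(dk)}"

def verify_password(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_b64, hash_b64 = encoded.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:
        return False  # malformed record: wrong field count, bad number or bad base64
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)

def time_hash_ms(iterations: int) -> float:
    """Wall-clock time of one hash at this iteration count, in milliseconds."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"benchmark-password", b"\x00" * 16, iterations)
    return (time.perf_counter() - start) * 1000

def calibrate(target_ms: float = 100.0, start_log2: int = 10) -> int:
    """Double the iteration count until one hash takes at least target_ms
    on this machine (capped at 2**30 so the loop always ends)."""
    log2 = start_log2
    while time_hash_ms(2 ** log2) < target_ms and log2 < 30:
        log2 += 1
    return 2 ** log2

def needs_rehash(encoded: str, iterations: int) -> bool:
    """True when a stored record uses fewer iterations than the current setting."""
    return int(encoded.split("$")[1]) < iterations

if __name__ == "__main__":
    iterations = calibrate(100.0)
    record = hash_password("correct horse battery staple", iterations)  # constructed sample
    print(iterations, f"{time_hash_ms(iterations):.0f} ms", record)
    print(verify_password("correct horse battery staple", record))
```

Run the calibration on the production hardware, not a developer laptop, and use `needs_rehash` at login to upgrade old records after the setting is raised.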
Is this secure for production use?
This tool uses browser-compatible approximations for demonstration. For production, use server-side libraries like bcrypt for Node.js, passlib for Python, or password_hash() in PHP.
Can I verify hashes from other systems?
The verification works with hashes generated by this tool. Real bcrypt/Argon2 hashes from other systems may not verify correctly due to implementation differences.