Valid bcrypt
- $2b$12$abcdefghijklmnopqrstuv01234567890123456789012345 -> valid
security validator
bcrypt Hash Validator
Validate bcrypt hash formatting and cost factor client-side.
Results
Processing…- Status
- Processing...
- Details
- Processing...
- Cost factor
- Processing...
- Prefix
- Processing...
Rules & checks
Supports $2a/$2b/$2y prefixes.
Checks cost factor is between 04 and 31.
Validates 22-char salt + 31-char hash segment.
Runs fully client-side/offline; no hashes leave the page.
When to use it
- QA seed data or fixtures containing bcrypt hashes
- Validate migration scripts between auth systems
- Sanity-check hashes in support tickets/logs
Tips
- Use cost 10–12 for typical web apps; higher costs slow logins
- Never paste real user hashes into untrusted tools
Examples
Invalid cost
- $2b$99$... -> invalid (cost too high)
Bad length
- $2b$12$short -> invalid format
FAQs
- Is anything uploaded?
- No. Validation stays in your browser and clears on refresh.
- Do you verify the password?
- No. This checks format only; it doesn’t verify against a password.
Related validators
security
API Key & Token Validator
Check common API key/token formats (Stripe, GitHub, AWS, OpenAI, etc.) locally.
security
Password Strength Checker
Score password strength with clear, local checks—length, variety, and guidance without sending data anywhere.
security
Password Entropy Calculator
Estimate password entropy (bits) in-browser to see how length and character sets impact strength.
Format-only; does not verify password correctness or strength.