bcrypt File Hash Generator
Upload a file and derive a bcrypt hash without transmitting any content. Tune the cost factor, customise salts, and validate expected hashes directly in the browser.
File bcrypt hash
Hash uploaded files with bcrypt using client-side computation. Salts are generated automatically for each hash, and only the first 72 bytes are hashed by the algorithm, so ensure your input fits within bcrypt's limitations.
bcrypt is limited to the first 72 bytes; larger files will be truncated by the algorithm.
Increase the cost for stronger resistance to brute force attacks at the expense of longer hashing times.
bcrypt for files
Although bcrypt is primarily designed for password hashing, the file workflow is handy when you need deterministic hashing of short secrets or configuration files. The cost factor (log rounds) controls the computational effort—each increment doubles the work required for attackers and legitimate verifiers alike.
Salts must be exactly 16 bytes. The generated bcrypt hash bundles both the salt and cost factor, so retaining the hash itself is enough for reproducing the verification flow later.
bcrypt truncates inputs beyond 72 bytes. For larger artifacts or integrity checks, prefer hash functions that process inputs of any size, such as SHA-2, SHA-3, BLAKE2, or BLAKE3.
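The two points above, that a bcrypt hash string carries its own cost factor and salt and that input past 72 bytes is ignored, shown as an added example (not code from this tool or from bcryptjs). The helper names and the sample hash are assumptions made for illustration; the sample's digest portion is filler, not a real bcrypt output.

```javascript
// Added example: helper names and SAMPLE_HASH are assumptions, not bcryptjs APIs.
const B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const BCRYPT_MAX_INPUT = 72; // bytes of input the algorithm actually uses

// Constructed sample: valid layout, salt of all zero bytes, filler digest.
const SAMPLE_HASH = "$2b$12$" + ".".repeat(22) + "A".repeat(31);

// bcrypt uses its own base64 alphabet (no padding), so atob() will not work.
function decodeBcryptBase64(text, byteLength) {
  const out = [];
  let acc = 0, bits = 0;
  for (const ch of text) {
    const v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid bcrypt base64 character: " + ch);
    acc = (acc << 6) | v;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Uint8Array.from(out.slice(0, byteLength));
}

// Split "$2b$<cost>$<22-char salt><31-char digest>" into its fields.
function parseBcryptHash(hash) {
  const m = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(hash);
  if (!m) throw new Error("not a bcrypt hash string");
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) throw new Error("cost factor outside 4..31");
  const salt = decodeBcryptBase64(m[3], 16);
  return { version: m[1], cost, iterations: 2 ** cost, salt, digest: m[4] };
}

// How much of a file bcrypt would use, and how much it would silently ignore.
function truncationReport(bytes) {
  const ignored = Math.max(0, bytes.length - BCRYPT_MAX_INPUT);
  return { hashed: bytes.length - ignored, ignored, truncated: ignored > 0 };
}

// True when bcrypt cannot tell two inputs apart (same first 72 bytes).
function sameBcryptInput(a, b) {
  const x = a.subarray(0, BCRYPT_MAX_INPUT), y = b.subarray(0, BCRYPT_MAX_INPUT);
  return x.length === y.length && x.every((byte, i) => byte === y[i]);
}
```

Running truncationReport on a file's bytes before hashing shows whether a later "match" covers the whole file or only its first 72 bytes.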
Why insist on random salts?
A random salt guarantees that hashes of identical files diverge, blocking attackers from bulk-identifying shared secrets or leveraging precomputed rainbow tables. Unique salts also force adversaries to brute-force each hash independently, dramatically raising the cost of offline cracking even when the inputs are predictable or reused.
How many rounds should I use?
A cost factor of 12 is the widely recommended floor for production systems. Increasing the cost raises the time needed to compute a hash, so select a value that aligns with your security posture and acceptable latency budget.
Is this tool secure?
All hashing is executed entirely within your browser courtesy of the bcryptjs library. No file data or hashes leave your device or touch external services.
Can I use this in production?
This UI is intended for experimentation and demonstrations. For real-world deployments, wire bcrypt directly into your backend with a trusted library so you can enforce operational safeguards and compliance controls.