DNS Checker.eu

Password Encryption

Hash a password or any text with bcrypt, SHA-256 and MD5 directly in your browser - nothing you type is ever sent to a server.

Password hashing playground

Everything on this page is computed inside your browser - the password is never transmitted or stored. Still, prefer test values over real credentials.

About Password Encryption

Every calculation on this page happens locally in your browser using the Web Crypto API and in-page JavaScript, so the text you enter never leaves your device and is never stored. That makes it a safe place to experiment: type a value and its SHA-256 digest updates live as you type, then compute a bcrypt hash on demand. Even so, it is good practice to try test values rather than real production credentials.

bcrypt is a deliberately slow, salted password-hashing function. It generates a fresh random salt for every hash and embeds it in the output, so hashing the same password twice produces two different strings - exactly what you want when storing credentials, because it defeats precomputed rainbow tables. The cost factor, adjustable from 4 to 15, controls how much work each hash takes; every increment doubles it, letting you tune the difficulty against brute-force attacks. The result is the standard modular-crypt string that verification libraries expect.

Alongside bcrypt the tool shows two fast digests for comparison: SHA-256, computed with the browser's native crypto.subtle, and MD5. These are unsalted and extremely fast, which is precisely why they are unsuitable for storing passwords - an attacker can try billions of guesses per second against them. They are included for file and string checksums, for comparing values, and for illustrating the difference. MD5 in particular is cryptographically broken and shown only for legacy interoperability.

A hash is a one-way transformation: it lets you verify a value later without ever keeping the original in the clear. The practical rule is to match the function to the job - use a slow, salted function like bcrypt for passwords, use SHA-256 for integrity checksums and fingerprints, and treat MD5 as a legacy checksum that carries no security guarantee.

How to use it

  1. 1Type the password or text into the input; a sample value is safer than a real credential.
  2. 2Watch the SHA-256 and MD5 digests appear instantly beneath the field as you type.
  3. 3Set the bcrypt cost between 4 and 15 - higher is slower and stronger - then select Compute bcrypt hash.
  4. 4Copy the resulting bcrypt string, and run it again to see the salt change the output each time.

Common use cases

  • -Generate a bcrypt hash to seed a test user or database fixture without standing up a backend.
  • -Demonstrate why the same password produces a different bcrypt hash on each run.
  • -Produce a SHA-256 checksum of a short string for verification or comparison.
  • -Learn the practical difference between slow salted hashing and fast digests before choosing a scheme.

Frequently asked questions

Is my password sent to a server?
No. All hashing runs entirely in your browser using the Web Crypto API and in-page code. The text you enter never leaves your device and is not logged or stored.
What is bcrypt and why is it used for passwords?
bcrypt is a slow, salted hashing function designed specifically for passwords. Its built-in random salt and adjustable cost factor make precomputed and brute-force attacks impractical, which is why it is suitable for storing credentials.
Why does the same password give a different bcrypt hash each time?
bcrypt generates a fresh random salt for every hash and embeds it in the output, so identical inputs produce different strings. Verification still works because the salt is stored inside the hash itself.
Should I store passwords as SHA-256 or MD5 hashes?
No. Both are fast and unsalted, which makes stored password hashes cheap to brute-force. Use them only for checksums or comparison, and use bcrypt or another slow, salted function for passwords.
What does the bcrypt cost factor do?
The cost factor sets how many rounds bcrypt performs, and each increment doubles the work. A higher cost makes every hash slower to compute, slowing attackers at the cost of more CPU per login.
Is MD5 safe to use?
MD5 is cryptographically broken and must not be used for security. It is offered here only for legacy checksums and interoperability with older systems that still rely on it.