AppDevTools
AppDevTools
/
Cryptography and Security
Bcrypt Generator

Bcrypt Generator

client
double-caret-vertical

Documentation

What is bcrypt?

bcrypt is a secure password hashing function created by Niels Provos and David Mazières in 1999 that makes use of a salt to prevent rainbow attacks. Salt rounds in brcypt can be increased over time when needed to protect bcrypt hashed passwords from brute-force attacks via powerful computing machines in the future. Therefore, bcrypt will remain secure and strong as the technology is developed.

Below is an example of the word Let's use bcrypt hashed using bcrypt.

$2a$10$T4ImbDRHK0L/W8o4LfRp8ObdAw.Wtp1kos8pBIG6nlPCUo1ml8jHi

How to hash a password using bcrypt in Node.js

You can easily hash passwords in Node.js using the JavaScript bcrypt library from npm. If you're using an older version of Node.js, please make sure that the version of bcrypt you install is compatible with it. You can check the compatibility from the bcrypt page on npm.

npm install bcrypt

Once you have installed bcrypt, import it into your script. Basically, there are two methods to hash passwords using bcrypt that you will see in the following examples. Both methods will result in the same value, so use whatever you prefer. Please note that the examples below are run in an async function which is recommended by the bcrypt library.

const bcrypt = require('bcrypt');

const password = 'hX78DbD3uoP2QFCjr1fG';
const saltRounds = 10;

First method - Generates a salt and hash separately.

bcrypt.gelSalt(saltRounds, (err, salt) => {
  bcrypt.hash(password, salt, (err, hash) => {
    // Do something with the hashed password;
    // e.g. save it to a database.
  });
});

Second method - Automatically generates a salt and hash together.

bcrypt.hash(password, saltRounds, (err, hash) => {
  // Do something with the hashed password;
  // e.g. save it to a database.
});

The hashed password will look like the following which cannot be decrypted to the original password but can be verified if it has the same value as the original one.

$2a$10$jdT.1tkS9TZgTb3ak.2UmOnWKB1gXNRyBHrcUr4wgzXDIHhjEZz9e

How to verify a password using bcrypt in Node.js

You can verify if a password matches a bcrypt hash in Node.js using the compare method from the bcrypt library. A boolean result will be returned when the verification process is done.

const bcrypt = require('bcrypt');

const inputPassword = 'hX78DbD3uoP2QFCjr1fG';
const hashedPassword = '$2a$10$jdT.1tkS9TZgTb3ak.2UmOnWKB1gXNRyBHrcUr4wgzXDIHhjEZz9e';

async function verifyPassword(password, hash) {
  // Verifies the input password if it matches the hash
  // using the bcrypt compare method,
  // and return a boolean result accordingly.
  return await bcrypt.compare(password, hash);
}

const matched = await verifyPassword(inputPassword, hashedPassword);

console.log(matched); // true

You can use the returned boolean result to proceed to the next step; e.g. reject the user from logging in if the input password didn't match the hashed one stored in a database or let them in otherwise.

Related Tools

Hash Generator

Generates the hash value of a string instantly and compares against it to check integrity. Supports MD5, SHA-1, SHA-224, SHA-256, SHA-512, SHA-384, SHA-3, and RIPEMD160.

HMAC Generator

Generates an HMAC from a string with a secret key instantly and compares against it to check integrity. Supports MD5, SHA-1, SHA-224, SHA-256, SHA-512, SHA-384, SHA-3, and RIPEMD160.

Checksum Calculator

Quickly calculates the checksum of a file and compares against it on your browser without uploading it. Supports MD5, SHA-1, SHA-224, SHA-256, SHA-512, SHA-384, SHA-3, and RIPEMD160.

Password Generator

Cryptographically generates strong and secure passwords that are difficult to crack with your preference, such as password length, numbers, symbols, lowercase, uppercase, and excluding similar and custom characters.

UUID Generator

Generates one or multiple universally unique identifiers (UUIDs) instantly. Supports version 1 (timestamp) and version 4 (random) UUIDs and optional uppercase and braces.

Share