Password Generator & Hash Tool — MD5, SHA, bcrypt
Generate strong random passwords, compute MD5/SHA hashes, create bcrypt hashes, and verify them — all free, private, and instant in your browser.
MD5 & SHA Hash Generator
Type any text to instantly generate MD5, SHA-1, SHA-256 and SHA-512 hashes. All processing is done locally in your browser.
Hash Verifier
Paste any plain text and its hash to verify they match. Useful for checking MD5 / SHA password hashes, database values or file integrity.
bcrypt Hash Generator
Generate secure bcrypt hashes used by PHP, Laravel, Node.js, and most modern frameworks
Verify bcrypt Hash
Check if a plain text matches a bcrypt hash
What You Can Do
One tool for passwords, hashes, and verification
Generate cryptographically random passwords with custom length, uppercase, lowercase, numbers and symbols. Includes strength rating.
Compute MD5, SHA-1, SHA-256, SHA-512 and bcrypt hashes instantly. Perfect for checking database passwords or verifying file integrity.
Verify any plain text against its MD5, SHA or bcrypt hash. Supports PHP password_hash and Laravel bcrypt output.
Password Generator & Hash Tool — Free & Private
This free tool combines a secure random password generator with a complete hash toolkit. You can generate MD5, SHA-1, SHA-256, SHA-512 and bcrypt hashes, and verify them — all inside your browser with zero data sent to any server.
Frequently Asked Questions
How does the password generator work?
The password generator uses the browser's native Web Crypto API (crypto.getRandomValues) to produce cryptographically secure random values — the same standard used by operating systems and security software.
You can control the length (8-128 characters), and toggle uppercase letters, lowercase letters, numbers and symbols. A strength indicator rates each generated password.
Generate up to 20 passwords at once and copy any of them with a single click.
What is the difference between MD5, SHA-256 and bcrypt?
MD5 and SHA produce a fixed-length fingerprint of any input. They are fast by design and used for file integrity checks, checksums, and non-security-critical identifiers. SHA-256 and SHA-512 are far more collision-resistant than MD5.
bcrypt is a password hashing function intentionally designed to be slow. Its cost factor controls how long hashing takes, making brute-force attacks computationally expensive even with modern hardware.
For storing user passwords in a database, always use bcrypt, Argon2 or scrypt — never raw MD5 or SHA.
What is a bcrypt hash and where is it used?
bcrypt is the default password hashing algorithm in PHP (password_hash), Laravel, Ruby on Rails, Node.js (bcryptjs/bcrypt), Django (with bcrypt backend), and many other frameworks.
A bcrypt hash starts with $2b$10$ followed by 53 characters of salt and hash. The number after $2b$ is the cost factor that controls how slow the hashing is.
This tool generates valid bcrypt hashes with cost 4-14. Cost 10 is the default recommended value for most applications.
Can I verify a PHP password_hash output here?
Yes. PHP password_hash with PASSWORD_DEFAULT or PASSWORD_BCRYPT produces $2y$ or $2b$ hashes that are fully compatible with this verifier.
Paste the plain text password in the plain text field and the hash in the hash field, then click Verify Hash to instantly confirm if they match.
This is useful for debugging login issues, confirming test credentials, or checking hash values stored in a database.
Is my data safe? Does anything get sent to a server?
No data is ever sent to any server. All hashing, password generation and verification runs entirely in your browser using JavaScript.
You can safely paste real passwords and hashes — nothing is logged, stored or transmitted. You can even disconnect from the internet after the page loads and the tool will still work.
The bcrypt library is loaded from a trusted CDN (jsDelivr) the first time you visit, then cached by your browser.
What is the MD5 hash tool for?
MD5 is widely used for checksums, file integrity verification, and legacy database lookup. Many older systems still store MD5 hashes of passwords or files.
Type or paste any text and the tool instantly shows its MD5, SHA-1, SHA-256 and SHA-512 hash — useful for comparing checksums, reverse-engineering legacy systems, or generating test data.
Do not use MD5 for new password storage — it is considered cryptographically broken for that purpose.
What cost factor should I use for bcrypt?
The default cost factor of 10 takes roughly 100-300ms to hash on modern hardware, which is the recommended balance between security and user experience for most web applications.
As hardware gets faster, you can increase the cost. Cost 12 is a good choice for applications where you can afford slightly longer login times. Avoid going below 10 for production use.
In this tool you can set cost from 4 (very fast, for testing) to 14 (very slow, maximum security). Higher cost values will take several seconds to complete in the browser.
Can I use the hash verifier for SHA hashes from other tools?
Yes. The hash verifier supports MD5, SHA-1, SHA-256 and SHA-512 hashes generated by any tool — openssl, Linux sha256sum, online tools, or your own code.
Select the correct algorithm pill (MD5 / SHA-1 / SHA-256 / SHA-512), paste the plain text and the expected hash, and the result shows immediately.
Hashes are compared in lowercase so letter case differences in the hash string are handled automatically.