Password Hash Generator / Verifier (PBKDF2)
Generate and verify password hashes with PBKDF2 (Web Crypto API)
How to Use
- Select mode
Choose "Generate" or "Verify" in the toolbar.
- Enter password
For generation, enter a password. For verification, enter a password and an existing hash.
- Run
Click "Convert" to generate or verify the hash. Iteration count can be changed in the toolbar.
Password Hash Generator / Verifier (PBKDF2) Examples
Generate a password hash
password123pbkdf2:100000:base64salt:base64hashA secure hash is generated with the selected iteration count and random salt.
Verify a hash
password123Match: OKUse verify mode to compare a password against an existing hash.
Features
- PBKDF2-SHA-256 password hashing
- Configurable iterations (10,000 / 100,000 / 600,000)
- Auto-generated random salt (16 bytes)
- Hash verification mode for password matching
- Output format: algorithm:iterations:salt:hash
- Local processing (your input is not sent to servers)
- Dark mode support
FAQ
What is the difference between PBKDF2 and bcrypt?
PBKDF2 is an HMAC-based key derivation function natively supported by Web Crypto API. bcrypt is Blowfish-based and not memory-hard but has GPU resistance. Both can safely hash passwords with sufficient iterations.
How many iterations should I use?
OWASP recommends at least 600,000 iterations for PBKDF2-SHA-256. Choose based on the balance between server load and security. Generally 100,000 or more is recommended.
Is my data sent to a server?
No. All hashing is done locally in your browser using the Web Crypto API. Your passwords are never transmitted externally.