bcrypt (recommended)
10 (default)
——Hashing runs entirely in your browser using the Web Crypto-backed libraries — your username and password are never sent anywhere or stored.
——Hashing runs entirely in your browser using the Web Crypto-backed libraries — your username and password are never sent anywhere or stored.
Create htpasswd credentials for Apache and nginx Basic Authentication in seconds. Generate strong bcrypt hashes or legacy SHA-1 lines, copy the full username:hash, or download a ready-to-use .htpasswd file — all 100% in your browser.
htpasswd is the credential format used by HTTP Basic Authentication. A .htpasswd file holds one username:hash entry per line, and web servers such as Apache and nginx consult it to decide who is allowed to reach a protected URL or directory.
Storing the password as a hash — rather than plain text — means a leaked file does not immediately expose the original password. bcrypt is the preferred scheme today because it salts every hash and is intentionally slow, while the older {SHA} scheme remains available for legacy compatibility.
Slow, salted hashes resistant to brute force. Produces the $2y$/$2b$ format Apache and nginx accept.
The classic htpasswd SHA scheme — Base64 of the SHA-1 digest, prefixed with {SHA} for legacy setups.
Tune the bcrypt work factor from 10 to 12 to balance security against verification time on your server.
Output a complete username:hash line you can paste straight into a .htpasswd file.
Copy the line and hash separately, or download a ready-made .htpasswd file in one click.
Every hash is computed in your browser. Your username and password are never transmitted or stored.
Type the credentials you want to protect a directory with. Use the show/hide toggle to verify the password.
Choose bcrypt for the strongest protection, or SHA-1 ({SHA}) when you need compatibility with older tooling.
Leave the cost at 10 for most servers, or raise it to 11–12 for extra resistance to brute-force attacks.
Click Generate, then copy the full username:hash line or download a .htpasswd file ready for your server.
An .htpasswd file stores usernames and hashed passwords for HTTP Basic Authentication. Each line is username:hash, and web servers like Apache and nginx read it to decide who may access a protected directory.
Use bcrypt — it is the recommended default because it is salted and deliberately slow, which makes brute-force attacks expensive. Choose SHA-1 ({SHA}) only when you need compatibility with older systems that do not support bcrypt.
The cost factor controls how much work bcrypt does per hash. Each increment roughly doubles the time it takes. 10 is a sensible default; 11 or 12 add extra protection at the cost of slightly slower logins.
Both prefixes denote the same bcrypt algorithm and are interchangeable. This tool produces $2b$ by default; enable the Apache prefix option to rewrite it to $2y$, which some Apache documentation expects. Either works with modern Apache and nginx.
No. All hashing happens entirely in your browser using bcryptjs and crypto-js. Your username and password never leave your device and nothing is stored.
Copy the username:hash line into your .htpasswd file (or download the file directly), then point your server at it — AuthUserFile in Apache or auth_basic_user_file in nginx — and reload the configuration.
Encrypt and decrypt text using AES encryption algorithm.
Generate MD5, SHA1, SHA256, and other hash values.
Create cryptographically secure random passwords with a live strength meter.
Decode and inspect JWT header, payload, and claims with an expiry check.