All tools

Scrypt Hash (bcrypt alt)

Hash

Hash and verify passwords with scrypt, a bcrypt-alternative memory-hard KDF

Despite the name, this is not bcrypt: it hashes and verifies passwords with scrypt, a different memory-hard key derivation function in the same password-hashing family, tunable via its N cost parameter instead of bcrypt's rounds. Hashing runs entirely in your browser using a from-scratch scrypt implementation, so passwords never leave your machine, and the stored hash format (`$scrypt$N=...,r=8,p=1$<salt>$<hash>`) is self-describing so verification later doesn't need you to remember which cost you used. This mirrors the REST API's `/v1/tools/bcrypt-alt` endpoint, which also uses scrypt rather than actual bcrypt under the hood.

scryptpasswordhashkdf

How to use Scrypt Hash (bcrypt alt)

  • 1.Enter a plaintext password and pick a cost (scrypt N parameter) to generate a scrypt hash.
  • 2.Paste an existing scrypt hash and a candidate password on the Verify tab to check whether they match.
  • 3.Store the full `$scrypt$...` string as-is — it already encodes the cost and salt needed to verify later.

Frequently asked questions

Is this actual bcrypt?
No. Despite the name (matching the REST endpoint it mirrors), this uses scrypt, a different memory-hard key derivation function in the same family as bcrypt, not bcrypt itself. For real bcrypt, use the Bcrypt tool.
Is my password sent to a server?
No — hashing and verification both run entirely in your browser using a from-scratch scrypt implementation; your password never leaves your machine.
What cost should I use?
16384 is a reasonable default. Higher N values are slower to compute and more resistant to brute-force attacks, at the cost of more CPU/memory per hash. Cost is capped at 131072.
Should I use this for production password storage?
This tool is for testing and understanding scrypt-based hashing. Production password storage should happen server-side with a properly maintained library and secure key handling.

Use via API, SDK, or MCP

cURL# Free: 1,000 req/day · Pro: 10,000 req/day
curl -X POST https://api.utilix.tech/v1/tools/bcrypt-alt \
  -H "Authorization: Bearer utx_live_..." \
  -H "Content-Type: application/json" \
  -d '{"input": "my-secret-password", "action": "hash", "cost": 16384}'

Despite the slug name, this endpoint uses scrypt, not real bcrypt — see the FAQ on the tool page.

Get an API key from your dashboard · Full API docs →