Password Hasher — PBKDF2-SHA256

Securely hash and verify passwords using PBKDF2-SHA256 with auto-generated salt. Includes benchmark to tune iteration count. 100% client-side.

Password
Password strength: —
Iterations
Output Hash (PBKDF2-SHA256)
Click "Generate Hash" to create a PBKDF2 hash.
Enter a password and click "Generate Hash" to create a PBKDF2-SHA256 hash.

How to Use the Password Hasher

  1. Hash mode — enter a password, choose iteration count, click "Generate Hash". Copy the output string to store in your database.
  2. Verify mode — paste the stored hash string and enter the password. The tool re-derives the key with the same salt and iterations and checks if they match.
  3. Benchmark mode — run a benchmark to see how long each iteration count takes on your current device. This helps you choose a safe iteration count for your server hardware.

Why PBKDF2 Instead of Bcrypt?

Bcrypt is an excellent password hashing algorithm but it requires native code and is not available in the browser's Web Crypto API. PBKDF2 (Password-Based Key Derivation Function 2), defined in RFC 8018, is a NIST-approved alternative that is built into the Web Crypto API and is natively supported by virtually every programming language and framework.

PBKDF2 is not considered inferior to bcrypt for most use cases. It is used by WPA2 Wi-Fi authentication, macOS Keychain, iOS data protection, and Django's default password hasher. With a high iteration count (600,000+), it provides strong resistance to brute-force attacks. The main practical difference is that bcrypt and Argon2 are specifically designed to be memory-hard, making them somewhat more resistant to GPU-based attacks. For typical web applications, PBKDF2 with 310K–600K iterations is considered strong and is NIST-approved.

Output Format

This tool uses a self-contained hash string format: pbkdf2$sha256$ITERATIONS$SALT_HEX$HASH_HEX. This format encodes everything needed to verify the password: the algorithm (PBKDF2-SHA256), the iteration count, the random salt, and the derived key. You store this entire string in your database. No separate salt column is needed. This is the same approach used by Django, Passlib, and many other frameworks.

Choosing Iteration Count

The NIST recommended minimum as of 2023 is 600,000 iterations for PBKDF2-SHA256 (from NIST SP 800-132). Higher is better, but the practical limit is the impact on user experience. A hash that takes 500ms on your server is acceptable for login. One that takes 3 seconds is not. Use the Benchmark tab to measure performance on your current machine, then test on your server hardware to calibrate the right value. As hardware gets faster, consider increasing the iteration count in new hashes (old hashes stored with lower iterations continue to work since the count is stored in the hash string).

Password Strength Meter

The strength meter uses entropy estimation based on password length and character variety (lowercase, uppercase, digits, symbols). It is a guide only — a truly strong password is long, random, and unique to each service. Consider using a password manager to generate and store strong passwords. For authentication-related tools, also see the TOTP Generator (add 2FA to your app) and the HMAC Generator (authenticate API requests).

Never Hash Passwords Without a Salt

A bare hash (MD5, SHA-256) of a password is not a secure password hash. If two users have the same password, their hashes are identical, enabling attackers to use precomputed rainbow tables. This tool automatically generates a cryptographically random 16-byte (128-bit) salt for every hash. The salt is unique per hash, ensuring that even identical passwords produce completely different output. This is why you should never use SHA256(password) for password storage — always use a purpose-built password hashing function like PBKDF2, bcrypt, or Argon2 that applies a salt and adds computational cost.

Frequently Asked Questions

True bcrypt requires native code and is not available in the browser's Web Crypto API. PBKDF2 is a NIST-approved password hashing algorithm built into the Web Crypto API. It is used by WPA2, macOS Keychain, iOS, and Django. With a high iteration count (600K+) it provides excellent security for most use cases.
NIST SP 800-132 recommends a minimum of 600,000 iterations for PBKDF2-SHA256 as of 2023. The Benchmark tab shows how long each count takes on your device. Choose a count that takes about 200–500 ms on your target server hardware — high enough to slow attackers but fast enough for users.
A salt is a random value added to the password before hashing. Without a salt, identical passwords produce identical hashes, enabling rainbow table attacks. With a unique random salt per user, each hash is unique even for identical passwords. This tool automatically generates a cryptographically random 16-byte salt for every new hash.
Yes. This tool runs 100% in your browser using the Web Crypto API. Your password never leaves your device. There is no server, no logging, and no analytics on the password field. For production systems, use a server-side library like bcrypt, Argon2, or scrypt rather than hashing in the browser.
The output format is: pbkdf2$sha256$ITERATIONS$SALT_HEX$HASH_HEX. This self-contained string encodes all information needed to verify the password — algorithm, iterations, salt, and hash — so you can store this single string in a database column without needing a separate salt field.