In development. RVNT is pre-release — not yet security-audited. Source code, public builds, and the iOS / App Store release aren’t available yet. See the roadmap →

Bcrypt & htpasswd Generator

Bcrypt hashes & .htpasswd lines.

Runs entirely in your browser — nothing you enter is uploaded, logged, or tracked.

Create a bcrypt hash of a password (the algorithm behind Apache and nginx basic-auth) with an adjustable cost factor, get a username:hash line ready for an .htpasswd file, and verify whether a password matches an existing bcrypt hash. Everything runs locally — the password is never sent anywhere.

Frequently asked questions

Is bcrypt computed in my browser?

Yes. Hashing and verification run on-device with a vendored bcrypt implementation; the password and hash are never uploaded.

What cost factor should I use?

Higher cost is slower to brute-force but slower to compute. 10–12 is common for web logins; the slider lets you choose. Higher costs take noticeably longer in the browser.

Does the .htpasswd line work with Apache and nginx?

Yes — bcrypt ($2a$/$2y$) htpasswd lines are supported by Apache 2.4+ and nginx. Copy the username:hash line straight into your file.

Why is each hash different for the same password?

Bcrypt includes a random salt, so the hash changes every time — that is by design. Verification still matches because the salt is stored inside the hash.

Related tools

Password Generator Strong, random passwords — generated locally. Hash Generator SHA-1, SHA-256, SHA-384 & SHA-512. JWT Decoder Decode a JSON Web Token, locally.

Built by a privacy company

These tools never phone home — the same principle as RVNT itself: a post-quantum, end-to-end-encrypted, peer-to-peer messenger with no servers and no tracking.

Get RVNT All tools