PHP Password Verifier
Check a plaintext password against a PHP password_hash() bcrypt digest — entirely in your browser.
Checked entirely in your browser using bcryptjs — neither the password nor the hash is ever sent anywhere.
How PHP password verification works
PHP's password_hash() function (with the default or PASSWORD_BCRYPT algorithm) produces a self-contained bcrypt digest such as $2y$10$eImiTXuWVxfM37uY4JANjQZ4G3hSuXCJq1... The string encodes the algorithm identifier ($2y$), the cost factor (10, meaning 210 rounds), the 22-character salt, and finally the hash itself — all separated by $. There is deliberately no way to reverse a bcrypt hash back into the original password; verification instead re-hashes the candidate password using the salt and cost factor already embedded in the stored hash, then compares the two digests.
This tool performs that same comparison locally with the bcryptjs library's compareSync(), which is compatible with PHP's $2y$ hashes as well as the generic $2a$/$2b$variants used by other languages. It mirrors exactly what PHP's password_verify($password, $hash) does on the server — useful for debugging login issues, checking seed data, or confirming a hash was generated correctly — without ever needing a PHP runtime or sending either value over the network.
Private & free — this tool runs entirely in your browser.