Generate Users with Valid Bcrypt Password Hashes for Testing
Generate SQL mock data with valid Bcrypt password hashes. Test authentication, login flows, and password verification without manual hashing.
The Password Testing Problem
Testing authentication systems requires users with valid password hashes, but most mock data tools fall short:
Random string generators create fake "hashes" that don't match Bcrypt format and fail password verification.
You have to manually run Bcrypt on passwords and insert hashes into seed data, which is tedious and error-prone.
Without valid hashes, you can't test actual login flows or password verification logic with your seed data.
How MockBlast Generates Valid Password Hashes
MockBlast automatically generates valid Bcrypt password hashes:
✅ Real Bcrypt Hashes
Every generated password hash is a valid Bcrypt hash created from a known plaintext. You can immediately test login functionality without additional setup.
🔐 Configurable Plaintext
Choose the plaintext password for your test users. Use the same password for all users (easy testing) or generate unique passwords (realistic scenarios).
⚙️ Adjustable Cost Factor
Configure the Bcrypt cost factor (rounds). Use lower costs (8-10) for faster test execution or higher costs (12-14) to match production settings.
📋 Ready for Auth Libraries
Generated hashes work with all major auth libraries: bcrypt.js, bcryptjs, Passport.js, NextAuth, Django, Rails, and more.
Example: Users with Bcrypt Password Hashes
Import This Schema:
CREATE TABLE users ( id SERIAL PRIMARY KEY, username VARCHAR(50) UNIQUE NOT NULL, email VARCHAR(100) UNIQUE NOT NULL, password_hash VARCHAR(255) NOT NULL, created_at TIMESTAMP DEFAULT NOW() );
MockBlast Generates:
INSERT INTO users (id, username, email, password_hash, created_at) VALUES (1, 'johndoe', 'john@example.com', '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', '2024-01-15 10:30:00'), (2, 'janesmith', 'jane@example.com', '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', '2024-01-16 14:20:00'), (3, 'bobjohnson', 'bob@example.com', '$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy', '2024-01-17 08:15:00'); -- All users have password: "password123" -- You can now test login with these credentials!
Testing Authentication with Generated Hashes
🧪 Login Flow Testing
Test complete login flows with valid credentials:
// Test login
const result = await login({
username: 'johndoe',
password: 'password123'
});
// ✓ Login succeeds!🔐 Password Verification
Test password verification logic:
// Test verification const isValid = await bcrypt.compare( 'password123', user.password_hash ); // ✓ Returns true
❌ Invalid Password Testing
Test failed login scenarios:
// Test wrong password
const result = await login({
username: 'johndoe',
password: 'wrongpassword'
});
// ✓ Login fails correctly🔄 Password Reset Flows
Test password reset functionality:
// Test password reset
await resetPassword({
username: 'johndoe',
newPassword: 'newpass456'
});
// ✓ Can test reset flowCommon Use Cases for Password Hash Generation
- •E2E Testing: Run end-to-end tests with real login flows using generated test users and valid password hashes.
- •Manual QA: Provide QA teams with test accounts they can actually log into for manual testing.
- •Demo Environments: Seed demo databases with users that clients can log into during product demonstrations.
- •Integration Testing: Test authentication middleware, session management, and JWT generation with valid credentials.
- •Performance Testing: Load test authentication endpoints with thousands of valid user credentials.
- •Role-Based Access: Test permission systems with users in different roles, all with working login credentials.
Understanding Bcrypt Hash Format
Anatomy of a Bcrypt Hash:
$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy │ │ │ │ │ │ │ └─ Hash (31 chars) │ │ └───────────────────────────────────────────────────────── Salt (22 chars) │ └─────────────────────────────────────────────────────────── Cost factor (10) └────────────────────────────────────────────────────────────── Algorithm ($2b)
- $2b: Bcrypt algorithm version
- $10: Cost factor (2^10 = 1,024 rounds)
- Salt: Random salt for this hash (22 chars)
- Hash: The actual password hash (31 chars)
How to Generate Users with Password Hashes
- 1.Import Your User Schema: Paste your CREATE TABLE statement with a password_hash column into MockBlast.
- 2.Select Password Type: Choose "Password (Bcrypt)" as the data type for your password_hash column.
- 3.Configure Password: Set the plaintext password (default: "password123") and cost factor (default: 10).
- 4.Download SQL: Get INSERT statements with valid Bcrypt hashes ready to use for authentication testing.
Frequently Asked Questions
- What is Bcrypt and why use it for password hashes?
- Bcrypt is a secure password hashing algorithm that's designed to be slow and resistant to brute-force attacks. It's the industry standard for storing passwords. MockBlast generates valid Bcrypt hashes so you can test login functionality with realistic password data.
- Can I actually log in with the generated passwords?
- Yes! MockBlast generates valid Bcrypt hashes from known plaintext passwords (like 'password123'). You can use these credentials to test login flows, password verification, and authentication systems.
- What plaintext password does MockBlast use for the hash?
- By default, MockBlast uses a standard test password (like 'password' or 'password123') for all generated hashes. This makes testing easy since you know the plaintext. You can configure different passwords if needed.
- Does MockBlast support different Bcrypt cost factors?
- Yes! MockBlast allows you to specify the Bcrypt cost factor (rounds). Higher costs are more secure but slower. For testing, we recommend using a lower cost factor (8-10) to speed up authentication tests.
- Can I generate unique passwords for each user?
- While MockBlast can generate unique passwords, for testing purposes it's often better to use the same password for all test users. This makes manual testing easier while still providing realistic password hashes.