OnlineCyberTools MCP (280+ filterable tools)

crypto_bcrypt_verify

Read-onlyIdempotent

Check if a plaintext password matches a bcrypt hash. Parses the hash for cost, salt, and version, then returns match status and a strength analysis of the cost factor.

Instructions

Bcrypt Password Verifier. Check whether a plaintext password matches an existing bcrypt hash, using the cost and salt that bcrypt encodes inside the $2a$/$2b$/$2x$/$2y$ hash string. Use this to verify a candidate password against a stored hash; use crypto_bcrypt instead to generate a new hash. Runs locally with PHP password_verify on the input you provide: read-only, non-destructive, contacts no external service, and is rate-limited (5 requests/minute for anonymous callers). Returns whether the password matched, the cost/salt/version parsed from the hash, and a strength analysis of that cost factor.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`password`	Yes	The plaintext password to test against the hash.
`hash`	Yes	The bcrypt hash to verify against, in modular crypt format $2<version>$<cost>$<22charSalt><31charDigest> as produced by crypto_bcrypt. The cost and salt are read from this string to recompute the digest and compare it against the supplied password; no separate cost or salt parameter is needed.

Output Schema

TableJSON Schema

Name	Required	Description
`password`	No	The plaintext password that was tested (echoed back from the request).
`hash`	No	The bcrypt hash that was verified against (echoed back from the request).
`valid`	No	True when the password matches the supplied bcrypt hash.
`duration`	No	Time taken to run the verification, in seconds (rounded to 3 decimals).
`info`	No	Fields parsed from the bcrypt hash; contains only error when the hash format is invalid.
`format`	No	Structural breakdown of the hash string.
`security`	No	Strength analysis of the parsed cost factor; null when no cost could be read from the hash.
`error`	No	Present only on a 4xx/5xx error response (e.g. missing password or hash); absent on success.

Tool Definition Quality

A4.9/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Goes beyond annotations by specifying that it runs locally with PHP password_verify, is read-only, non-destructive, contacts no external service, and has rate limits. This aligns with annotations (readOnlyHint, destructiveHint, idempotentHint) and adds valuable behavioral details.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise with two main parts: upfront purpose and usage guidance, then behavioral details. Every sentence adds value without redundancy.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a two-parameter tool with output schema, the description covers purpose, usage, behavior, parameter semantics, and return details (matching, parsed fields, strength analysis). It is fully adequate for the agent to select and invoke correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with descriptions and examples for both parameters. The description adds useful context that the cost and salt are read from the hash string, eliminating the need for separate parameters, which enhances understanding beyond the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Bcrypt Password Verifier' and explains that it checks whether a plaintext password matches an existing bcrypt hash. It distinguishes itself from sibling tool crypto_bcrypt by noting that the sibling should be used for generating new hashes.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use this tool ('verify a candidate password against a stored hash') and provides an alternative ('use crypto_bcrypt instead to generate a new hash'). Also mentions rate limits and local execution for context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jambozx/onlinecybertools-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server