Hash Identifier

Paste a hash and see what algorithm most likely produced it. Identification is by length, character set, and any signature prefix. Nothing is sent to a server.

Hash

How does hash identification work?

Length plus character set

Hashes are usually printed as hex (0-9, a-f) or Base64. Every algorithm produces a fixed-size output, so the length narrows the field quickly. MD5 is 128 bits which is exactly 32 hex characters. SHA-256 is 256 bits or 64 hex characters. If you see a 32-character all-hex string, it's almost certainly MD5 or NTLM (both produce the same length).

Signature prefixes

Algorithms designed for password storage usually start with a marker so the verifier knows what to do. Common prefixes:

$2a$ , $2b$ , $2y$ = bcrypt
$argon2i$ , $argon2d$ , $argon2id$ = Argon2
$5$ = SHA-256 crypt (Unix), $6$ = SHA-512 crypt
$y$ = yescrypt
$pbkdf2-sha256$ = PBKDF2 with SHA-256
{SSHA} = salted SHA-1, LDAP-style

The "looks like X but could be Y" problem

Pure hex outputs of the same length are interchangeable on inspection. We can't tell MD5 apart from NTLM, or SHA-1 apart from MySQL5, or SHA-256 apart from SHA3-256, just by looking at the bytes. The way to know for sure is to look at the context: where did this hash come from? A Windows SAM dump means NTLM. A WordPress user table means PHPass. A git object means SHA-1.

What this tool will NOT do

It will not crack the hash, "decode" the hash, or reverse it to plaintext. Hashes are one-way by design. The only way to recover the original input is to guess it and check the hash, which is what password crackers do.