Hash Identifier
Paste a hash to identify its likely algorithm by length and format - all in your browser.
- Paste a single hash into the input box - just the hash, with no surrounding text.
- The tool inspects its length, character set, and any prefix, then ranks the algorithms it could be.
- Read the results as candidates ordered by likelihood, not as a single guaranteed answer.
- Use the top matches to pick the correct mode for a cracking tool like Hashcat or John the Ripper.
When you recover a hash from a database dump, a password file, or a captured token, the first question is always "what produced this?" A hash identifier answers that by reading the shape of the string rather than the secret behind it. It never reverses anything - it simply narrows a wall of hex or symbols down to a short list of plausible algorithms so you know how to proceed. Everything runs in your browser, so you can classify sensitive hashes without sending them anywhere.
How identification actually works
Three clues do almost all the work: length, character set, and any leading signature. Length is the strongest
signal for raw hashes because most algorithms emit a fixed size. A 32-character hexadecimal string is 128 bits,
which points to MD5 or NTLM. A 40-character hex string is 160 bits and suggests SHA-1. A 64-character hex string
is 256 bits and points to SHA-256. Character set matters too: if the value contains characters outside
0-9a-f, it is not plain hex and is more likely Base64-wrapped or a structured format. Finally, many
modern schemes carry an explicit prefix. A string beginning $2 (as in $2b$) is bcrypt;
$argon2id$ is Argon2; $6$ is SHA-512 crypt; $1$ is the old MD5 crypt.
Those prefixes make identification nearly certain.
Candidates, not certainty
Length-based identification is inherently ambiguous. That 32-character hex could be MD5, NTLM, MD4, or one of several other 128-bit functions - the string alone cannot distinguish them. A good identifier is honest about this and returns a ranked list rather than a false single answer. You resolve the ambiguity with context: NTLM hashes come out of Windows credential dumps, whereas a bare MD5 more often appears in an application database. The surrounding source of the hash frequently settles which candidate is correct.
Identifying is not cracking
It is worth being clear that this tool tells you the type, not the password. Recovering the original value is a
separate step that requires a cracking tool, a wordlist, and computing time. Identification matters precisely
because those tools need the right mode to work at all. Hashcat, for instance, uses -m 0 for MD5,
-m 1000 for NTLM, and -m 3200 for bcrypt; John the Ripper has its own format flags.
Point the cracker at the wrong mode and it will either fail immediately or waste hours producing nothing.
Salted and adaptive hashes
Not every hash is meant to fall quickly. Adaptive algorithms like bcrypt, scrypt, and Argon2 are deliberately
slow and include a per-password salt and a tunable cost factor, so even after you identify one correctly, an
attacker can only test a handful of guesses per second instead of billions. That slowness is a feature - it is
why these schemes are recommended for storing passwords. As a worked example, paste
$2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW and the tool reports bcrypt with a
cost factor of 12. The $2b$ prefix names the scheme, the 12 is the work factor, and
the rest is the salt and digest combined. Knowing all of that before you launch a single crack attempt is
exactly what a hash identifier is for.
Questions fréquentes
How does hash identification work?
Why identify a hash before cracking?
Can two hash types look identical?
Does this crack the hash?
Is my hash uploaded?
Passez à la pratique
Entraînez-vous sur de vraies cibles
Transformez ces outils en compétences avec des labs pratiques et des cours guidés sur HackerDNA.
Créer un compte gratuit