~/toolshash-identifier

Hash Identifier

Paste a hash to identify its likely algorithm by length and format - all in your browser.

hash-identifier Local · sem envio
  1. Paste a single hash into the input box - just the hash, with no surrounding text.
  2. The tool inspects its length, character set, and any prefix, then ranks the algorithms it could be.
  3. Read the results as candidates ordered by likelihood, not as a single guaranteed answer.
  4. Use the top matches to pick the correct mode for a cracking tool like Hashcat or John the Ripper.

When you recover a hash from a database dump, a password file, or a captured token, the first question is always "what produced this?" A hash identifier answers that by reading the shape of the string rather than the secret behind it. It never reverses anything - it simply narrows a wall of hex or symbols down to a short list of plausible algorithms so you know how to proceed. Everything runs in your browser, so you can classify sensitive hashes without sending them anywhere.

How identification actually works

Three clues do almost all the work: length, character set, and any leading signature. Length is the strongest signal for raw hashes because most algorithms emit a fixed size. A 32-character hexadecimal string is 128 bits, which points to MD5 or NTLM. A 40-character hex string is 160 bits and suggests SHA-1. A 64-character hex string is 256 bits and points to SHA-256. Character set matters too: if the value contains characters outside 0-9a-f, it is not plain hex and is more likely Base64-wrapped or a structured format. Finally, many modern schemes carry an explicit prefix. A string beginning $2 (as in $2b$) is bcrypt; $argon2id$ is Argon2; $6$ is SHA-512 crypt; $1$ is the old MD5 crypt. Those prefixes make identification nearly certain.

Candidates, not certainty

Length-based identification is inherently ambiguous. That 32-character hex could be MD5, NTLM, MD4, or one of several other 128-bit functions - the string alone cannot distinguish them. A good identifier is honest about this and returns a ranked list rather than a false single answer. You resolve the ambiguity with context: NTLM hashes come out of Windows credential dumps, whereas a bare MD5 more often appears in an application database. The surrounding source of the hash frequently settles which candidate is correct.

Identifying is not cracking

It is worth being clear that this tool tells you the type, not the password. Recovering the original value is a separate step that requires a cracking tool, a wordlist, and computing time. Identification matters precisely because those tools need the right mode to work at all. Hashcat, for instance, uses -m 0 for MD5, -m 1000 for NTLM, and -m 3200 for bcrypt; John the Ripper has its own format flags. Point the cracker at the wrong mode and it will either fail immediately or waste hours producing nothing.

Salted and adaptive hashes

Not every hash is meant to fall quickly. Adaptive algorithms like bcrypt, scrypt, and Argon2 are deliberately slow and include a per-password salt and a tunable cost factor, so even after you identify one correctly, an attacker can only test a handful of guesses per second instead of billions. That slowness is a feature - it is why these schemes are recommended for storing passwords. As a worked example, paste $2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW and the tool reports bcrypt with a cost factor of 12. The $2b$ prefix names the scheme, the 12 is the work factor, and the rest is the salt and digest combined. Knowing all of that before you launch a single crack attempt is exactly what a hash identifier is for.

Perguntas frequentes

How does hash identification work?
Different algorithms produce outputs of characteristic length and character set - MD5 is 32 hex characters, SHA-1 is 40, SHA-256 is 64, and bcrypt starts with $2. This tool matches those signatures to rank the most likely types. It cannot be certain, only probable.
Why identify a hash before cracking?
Cracking tools like Hashcat and John the Ripper need the correct mode or format. Feeding a SHA-256 hash as if it were MD5 wastes time and finds nothing. Identifying the type first is the first step of any password-cracking workflow.
Can two hash types look identical?
Yes. A 32-character hex string could be MD5, NTLM, or several others, so the tool lists candidates rather than a single answer. Context - where you found it and what produced it - helps you choose.
Does this crack the hash?
No. It only identifies the likely algorithm. Cracking requires a wordlist or brute force with a dedicated tool - learn that end to end in our password-cracking course and labs.
Is my hash uploaded?
No. Identification runs on pattern rules in your browser. The hash you paste never leaves your device.

Pratique de verdade

Pratique em alvos reais

Transforme essas ferramentas em habilidades com labs práticos e cursos guiados na HackerDNA.

Criar uma conta gratuita
15.000+ Hackers 100+ Labs & Cursos Grátis
Comece Grátis