Online Dev Tools

Developer & Security Tools for IT Professionals

Fuel The Infrastructure

Hash Identifier

Runs locally in your browser No account required

Last reviewed: June 6, 2026 — interactive functionality verified end-to-end; data-handling summary added.

Guess what kind of hash a string is, from its length, character set, and any prefix.

Likely matches

About this tool

This hash identifier inspects a string's length, character set, and any leading prefix to suggest which algorithm likely produced it. Many algorithms share the same digest length — a 32-character hex string could be MD5, NTLM, MD4, or RIPEMD-128 — so identification is a best-guess shortlist rather than proof. Everything runs locally in your browser; nothing you paste is uploaded or stored.

Real example

The default value 5f4dcc3b5aa765d61d8327deb882cf99 is 32 hex characters, which means a 128-bit digest. Candidates for that length are MD5, NTLM, MD4, and RIPEMD-128. As it happens, this particular value is the MD5 of the word password — a reminder that a fast, unsalted digest of a common word offers no real protection.

Common use cases

  • Triaging a hash found in a leak or log: when you encounter an unknown digest in a breach dump, application log, or config file, identifying the likely type tells you what you are dealing with before you act on it.
  • Choosing the right mode for a cracking tool: tools like hashcat and John the Ripper need the correct hash mode. Narrowing the candidates by length and prefix points you toward the right setting.
  • Recognizing a slow bcrypt/argon2 hash vs a fast unsalted one: a $2b$ or $argon2id$ prefix signals a deliberately slow, salted password hash, whereas a bare hex digest is typically a fast, unsalted one — an important security distinction.

Common mistakes

  • Treating length as definitive: length narrows the field but rarely settles it. Several distinct algorithms produce digests of identical length, so a 64-character hex string is not automatically SHA-256.
  • Ignoring salt and combined formats: stored hashes often appear as hash:salt or similar combined formats. Identifying the whole string as one digest will fail — split it on the separator and examine each part.
  • Assuming hex means cryptographic: not every fixed-length hex string is a cryptographic hash. Checksums like CRC-32 and Adler-32, truncated values, and plain random hex can all look the part.

FAQ

Can it tell me the exact algorithm?
No — length and character set are ambiguous; it gives a ranked shortlist, and prefixes like $2b$ or $argon2id$ are the only near-certain signals.

Is my hash uploaded anywhere?
No — identification runs in your browser; nothing is transmitted or stored.

Does this crack or reverse hashes?
No — it only identifies the likely type; hashes are one-way.

Related tools