Privacy & Security

All hashing operations are performed locally in your browser using the Web Crypto API. Your data never leaves your device.

Hash Algorithms

Text Input

0 characters

Enable HMAC for message authentication with a secret key

Hash Comparison

Compare two hashes to check if they match (case-insensitive)

Hash Identifier

Paste a hash to identify its type and verify passwords against bcrypt hashes

Example Hashes (Click to Expand)
MD5:5d41402abc4b2a76b9719d911017c592
SHA-1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA-256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae
bcrypt:$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Learn More About Hash Algorithms

What is a Hash Function?

A cryptographic hash function is a mathematical algorithm that takes input data of any size and produces a fixed-size output (hash). The same input always produces the same hash, but even a tiny change in input produces a completely different hash.

Recommended Algorithms

  • SHA-256: Industry standard for most applications. Widely used and secure.
  • SHA-512: Higher security margin than SHA-256. Good for long-term security.
  • SHA-3: Latest standard with different internal design than SHA-2 family.
  • BLAKE2: High-performance alternative, faster than MD5 while being more secure.
  • bcrypt: Adaptive password hashing designed to be slow. Best for password storage.
  • scrypt: Memory-hard password hashing. Resistant to hardware brute-force attacks.

Legacy Algorithms (Not Recommended)

  • MD5: Cryptographically broken. Use only for non-security purposes like checksums.
  • SHA-1: Deprecated due to collision attacks. Avoid for new applications.

Common Use Cases

  • File Integrity: Verify downloaded files haven't been corrupted or tampered with
  • Data Deduplication: Identify duplicate files by comparing hashes
  • API Authentication: HMAC signatures for secure API requests
  • Password Storage: Use bcrypt or scrypt for secure password storage
  • Digital Signatures: Part of creating and verifying digital signatures

Password Hashing: bcrypt vs scrypt

bcrypt: Uses the Blowfish cipher and includes a work factor (cost) that can be increased over time as hardware improves. Each hash includes a random salt automatically. Widely supported and battle-tested since 1999.

scrypt: Designed to be memory-intensive in addition to CPU-intensive, making it resistant to hardware attacks using custom chips (ASICs). Requires significant RAM to compute, making parallel attacks expensive.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. It's used to verify both the integrity and authenticity of a message, ensuring it hasn't been modified and comes from someone who knows the secret key.