Online hash calculator

Input string, or drag-n-drop a file, to calculate the corresponding hash values using the CRC32, CRC64, MD5, Blake2b, Blake3, Whirlpool, RipeMD, SHA-1, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 algorithms.


Hash calculation algorithms

Hash algorithms TLDR

Hash algorithms are like digital fingerprints, used to represent data in a fixed-size format. A hash function transforms data of any size into a fixed-length byte array through a mathematical process.

These algorithms are one-way functions, meaning that while you can easily compute the hash from the input, it’s impossible to reverse the process to obtain the original input from the hash. Brute force attacks can attempt to guess the input, but there's no way to confirm if a guess is correct based solely on the hash.

Another key feature is that even a tiny change in the input—like altering one character—results in a completely different hash.



Hash tool introduction

This tool allows you to generate hash values instantly using a variety of popular algorithms, including CRC32, CRC64, MD5, Blake2b, Blake3, Whirlpool, RipeMD, SHA-1, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512. It’s ideal for both learning and practical use, providing fast, accurate hash results.

The user interface has been completely redesigned to offer a cleaner, more compact view of your results. You’ll also get real-time timing data for each hash calculation, giving you deeper insights into performance and algorithm efficiency.

With expanded algorithm support and improved usability, this tool is a comprehensive resource for generating hashes and understanding how they work. Whether for file integrity checks or exploring cryptographic concepts, it’s built to deliver reliable, instant results.



Samples

Try out these, if you would like to give it a go, and see how it works:

HASH calculation of random 'lorem ipsum' HASH calculation of 'AAAA' HASH calculation of 'AABA'




Common usecases

The two properties mentioned above, make hash calculations super efficient for:

  • Comparison of large amounts of data: Because you can calculate hash values ​​of data, and then just compare these hash values, rather than comparing all data byte-by-byte

  • Message authentication: Is the sender of a message who he/she claims to be, and has the message been tampered with? It is done quite simply by
    • Sender and receiver agree to a [secret code]
    • When the sender wants to send a [message], a hash value of [secret code] + [message] is calculated
    • [Message] and hash value are sent to recipient (but not the [secret code] - the [secret code] must always remain secret)
    • Receiver similarly calculates the hash value based on [secret code] + [message].
    • This hash code calculated by the recipient must be identical to the hash code recieved by the sender
    • If the two hash values ​​are identical, then it is a fact that the sender knows the secret code and that the message has not been modified in any way. If the message had been changed, the recipient's hash calculation would have given a different result - and the comparison of the two sender hash values ​​would fail.

  • Simple one-way encryption (of, for example, passwords): Rather than storing passwords as plain text in databases, files or the like, you can simply store a calculated hash value of the password. This ensures that the code is never available as readable plain text - and you can check people's passwords by simply doing the hash calculation on the password used at login, and then comparing it with the hash value you have stored on the user. If the hash values ​​are the same, the user has entered the correct password.



The different types of hash algorithms

When discussing hash functions, it’s important to distinguish between different types. Not all hashes are created equal, and the type of hash you need depends on your use case. Hash functions generally fall into three categories:

  • Checksums are used primarily for verifying data integrity, ensuring that the data hasn't been altered during transmission or storage. They are simple and fast but not secure.

  • Non-Cryptographic Hash Functions are designed to be fast and efficient, often used in data structures like hash tables. While useful for performance, they are not intended for security purposes and are vulnerable to manipulation.

  • Cryptographic Hash Functions are designed with security in mind. They are resistant to collisions (two different inputs generating the same output), and it's computationally infeasible to reverse the hash to find the original input or generate the same hash with a different input.



The individual algorithms


  • CRC32 and CRC64: CRC32 and CRC64 are non-cryptographic algorithms primarily used for error-checking in file transfers and data storage. While fast and effective for detecting data corruption, they provide no cryptographic security and are not suitable for protecting against intentional tampering.

  • MD5: MD5 is a cryptographic hash function created by Ronald Rivest in 1992. It produces a 128-bit hash and was once widely used for file integrity checks and password hashing. However, in 2004, vulnerabilities were discovered that allowed for collision attacks, making it insecure for cryptographic use. Today, MD5 is primarily used in non-security contexts such as basic checksums.

  • SHA-1: SHA-1 is a cryptographic hash developed by the NSA in 1993. It generates a 160-bit hash and was widely used for digital signatures and SSL certificates. However, it became vulnerable to collision attacks in 2005, leading to its deprecation in secure systems. SHA-1 is still found in older systems but is no longer considered secure for modern cryptography.

  • SHA-2: SHA-2 is a cryptographic hash family introduced by the NSA in 2001, consisting of several variations including SHA-224, SHA-256, SHA-384, and SHA-512. SHA-2 is widely used in security applications like blockchain technology, SSL certificates, and password hashing. It remains secure and robust, with no practical vulnerabilities discovered.

  • SHA-3: SHA-3 is a cryptographic hash introduced in 2015 as a secure alternative to SHA-2. Based on the Keccak algorithm, it provides resistance against potential future attacks. SHA-3 offers variations like SHA3-256 and SHA3-512, making it a highly secure option for cryptographic applications. While it’s not as widely adopted as SHA-2 yet, it is considered very secure.

  • RIPEMD: RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a cryptographic hash function family developed in 1996 by the Belgian researchers Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. The most common variant, RIPEMD-160, produces a 160-bit hash and is designed to be secure against collision attacks. Though it has not been as widely adopted as SHA or Blake families, RIPEMD-160 remains a reliable choice for secure hashing tasks.

  • Blake: Blake2b, introduced in 2012, is a fast and secure cryptographic hash function producing a 256-bit hash. It is efficient for tasks like password hashing. Blake3, introduced in 2020, builds on Blake2 with even faster performance and scalability, generating a 256-bit hash and excelling in modern applications that require both speed and security.

  • Whirlpool: Whirlpool is a cryptographic hash function created in 2000 by Vincent Rijmen and Paulo Barreto. It generates a 512-bit hash and is resistant to known cryptographic attacks. Whirlpool is used in applications that require high security, although it is less commonly used than SHA-family algorithms.




Security of hash algorithms (and why not to use MD5)

The typical ways to attack a hash algorithm are

  • Collision attack: Can you create the same hash result with two different input values? If so, you have a 'collision'.

  • Preimage attack: Can you calculate backwards and calculate the input message based on the hash result?

If an algorithm is vulnerable to these attacks, it cannot be considered secure.

MD5 and SHA-1 were both compromised in 2004 and 2005 respectively via collision attacks. This means, that neither of the two, computes uniq output when put under stress. It also means that using MD5 and SHA-1 to store e.g. passwords, several different passwords - ultimately - will cause invalid passwords to be approved, even though they are different, because the calculated hash value is identical.

Please note, that even though this tool calulates a CRC hash/checksum, CRC is in no way usefull in any kind of security context.



Would you like to know more?

Wikipedia has a great in-depth article on hash algorithms. It is definitely worth reading.

Wikibooks, similarly, has a good article on attacks on hash algorithms.

Feedback

These tools are still in active development. If you have any kind of feedback, please let me know. Send me an e-mail on iamrootdottech(a)gmail.com.