{{ summaryHeading }}
{{ summaryFigure }}
{{ summarySecondary }}
{{ badge.text }}
Use Smart for copied logs, tickets, or exports; use Strict for already-clean hash values.
Examples: $2b$..., {SSHA}..., 64-character hex, or one candidate per line. Files stay in this browser.
{{ sourceStatusText }}
{{ collapseDuplicates ? 'On: analyze unique normalized hashes only.' : 'Off: keep duplicate pasted lines in the table.' }}
{{ collapseDuplicates ? 'On' : 'Off' }}
Accepted: All rows, High-confidence, Ambiguous, or Needs attention.
{{ saveHistory ? 'On: save up to 20 local lookup snapshots.' : 'Off: skip local lookup history for new runs.' }}
{{ saveHistory ? 'On' : 'Off' }}
{{ shareInput ? 'On: include short hash input in share links.' : 'Off: keep hash text out of the URL.' }}
{{ shareInput ? 'On' : 'Off' }}
Section Item Status Detail Copy
Overview {{ row.label }} {{ row.value }} Hash triage summary metric.
Recommendation P{{ idx + 1 }} Next step {{ item }}
Signal {{ item.label }} {{ item.count }} row(s) {{ item.basis }}
Ambiguous row {{ row.normalizedHash }} {{ row.candidateSummary }} {{ row.evidence }} Next: {{ row.nextStep }}
Needs attention {{ row.rawLine }} {{ row.statusLabel }} {{ row.evidence }} Next: {{ row.nextStep }}
# Input Normalized Status Top signal Candidates Evidence Next step Copy
{{ index + 1 }} {{ row.rawLine }} {{ row.normalizedHash }} {{ row.statusLabel }} {{ row.topSignal }} {{ row.candidateSummary }} {{ row.evidence }} {{ row.nextStep }}
No rows match the current filter.
# When Items Rows Strong Ambiguous Attention Settings Actions Copy
{{ index + 1 }} {{ formatWhen(item.ts) }} {{ item.items }} {{ item.rows }} {{ item.strong }} {{ item.ambiguous }} {{ item.unknown }} {{ historySettingsText(item) }}
No snapshots yet. Paste a value above and the tool can keep a local trail when Save history is on.
Tags: Cryptography, Diagnostics, Security
File Hash Generator Hash one local file in the browser, compare MD5, SHA, SHA-3, or RIPEMD-160 digests, and keep session history with salt and case context.
HMAC Generator Generate HMAC signatures locally from text or local text files with SHA and RIPEMD options, byte encodings, expected-signature checks, prefixes, and exports.
RSA Keys Converter Convert RSA keys between PKCS#1, PKCS#8, encrypted private, and public PEM wrappers with local parsing and fingerprint checks.
Text Encryptor & Decryptor Encrypt or decrypt private text in your browser with AES-GCM defaults, password stretching, portable envelopes, integrity checks, and byte-size breakdowns.
Customize
Advanced
:

Stored hashes rarely arrive with perfect documentation. They show up in database dumps, LDAP exports, password-migration notes, incident tickets, application logs, and old configuration files, often as one long string with only a few visible clues. Those clues can still matter. A leading $2b$ points toward bcrypt, $argon2id$ points toward Argon2id, {SSHA} points toward an LDAP-style password value, and a leading * plus forty hexadecimal characters often points toward a MySQL password hash shape.

The hard part is knowing which clues are strong and which are only suggestive. Password hashing schemes often store the algorithm marker, salt, cost factor, and encoded digest together because a verifier needs that information later. Plain cryptographic digests are different. A bare 32-character hexadecimal value might be MD5, MD4, NTLM, or another 128-bit digest representation. A 64-character hexadecimal value might fit SHA-256 or SHA3-256. The visible text tells you the storage shape, not the password, original input, product, or security level by itself.

That distinction matters during migrations and audits. A password hash with a self-describing modular crypt string can usually be routed to the matching verifier with less guesswork. A raw digest or checksum may need field names, export notes, database version, account type, or surrounding code before it can be labeled safely. Treating a length-only guess as proof can send a migration down the wrong path or make an incident note sound more certain than the evidence supports.

Diagram of a stored hash string showing marker, parameters, payload shape, and source context as separate identification clues.

Four kinds of evidence are useful in practice: explicit markers, tagged wrappers, encoded length, and source context. Markers such as $5$, $6$, $P$, pbkdf2_sha256$, or S: can narrow a family quickly. Length and alphabet checks are weaker because many algorithms share output sizes. Source context remains important because database authentication strings, directory values, password hashes, checksums, tokens, and truncated log fragments can look similar after copying.

Real credential material deserves careful handling even when it is "only a hash." A password hash can let an attacker test guesses offline, and a digest copied from a private workflow may reveal account, file, or system context. Identification should be treated as triage: useful for routing and cleanup, but not a substitute for a trusted verifier or source-system evidence.

How to Use This Tool:

Use the checker when you need to sort copied hash-like values into likely families before a verifier, migration script, or incident note makes final decisions.

  1. Paste one value per line in Hash input, or use Browse file / drag and drop for a TXT, LOG, or CSV file under 2 MB. The text area accepts copied log lines as well as already-clean values.
  2. Choose Smart cleanup for lines such as hash=..., quoted values, or single hash-like tokens embedded in copied text. Choose Strict raw values when labels and surrounding characters are part of what you need to inspect.
  3. Set Collapse duplicates based on the job. Leave it on for unique inventory work. Turn it off when repeated rows from a source export need to remain visible.
  4. Check the summary first. For a single row, it shows the likely family or the reason the value is ambiguous, unknown, or in need of cleanup. For several rows, it counts matched, ambiguous, cleanup, and unknown values.
  5. Use Show rows to focus the Lookup Table on high-confidence rows, ambiguous rows, or values that need attention. If a row says Cleanup likely, paste only the raw token, switch to Smart cleanup, or check Base64 padding and copy boundaries.
  6. Open Triage Brief for a compact summary, Confidence Signal Chart for the distribution of confidence labels, and JSON when another workflow needs the structured result.
  7. Use Save history only when local browser snapshots are helpful, and leave Share input in URL off for sensitive values. A shared address can expose short pasted input to anyone who receives it.

After classification, confirm important rows with the system that produced them or with the verifier that will actually check the value.

Interpreting Results:

The Status label is confidence about visible format, not a security rating. A strong bcrypt or Argon2 signal can still use weak cost settings, old parameters, or poor surrounding account controls. A length-only digest may be structurally valid while still being the wrong family for the system you are reviewing.

Status What it means What to do next
Strong signal A distinctive prefix, tag, or wrapper points to one supported family. Use the matching verifier and preserve cost, salt, scheme tag, and other embedded fields.
Pattern match One supported shape fits, but the evidence is mostly length, alphabet, or simple structure. Check the source system, column name, application setting, or expected verification method.
Ambiguous overlap Several supported families share the same visible shape. Keep all candidates in notes until a scheme label, source record, or verifier settles the family.
Cleanup likely The value appears wrapped, labeled, truncated, malformed, or copied with extra text. Retry with Smart cleanup, paste only the raw token, or restore missing padding and copy boundaries.
Unknown format No supported pattern fits the visible value. Consider vendor-specific formats, encrypted blobs, random tokens, IDs, unsupported hash families, or incomplete exports.

The Top signal, Candidates, Evidence, and Next step fields should be read together. The top signal is the first routing clue; the evidence explains why it appeared; the next step tells you what outside confirmation is still needed.

Technical Details:

Hash identification is an ordered rule problem. Specific markers are more reliable than generic shape checks, so self-describing password-hash strings, LDAP scheme tags, and database authentication prefixes should be considered before plain hexadecimal or Base64 length tests. A marker can name a storage scheme, while length only says how many encoded bytes may be present.

Rule Core:

Rule stage Evidence checked Why it matters
Cleanup Outer quotes, short leading labels, and copied lines with one clear hash-like token. Removes common copy artifacts without treating labels as final algorithm proof.
Explicit markers Prefixes such as $argon2id$, $2b$, $pbkdf2-..., $1$, $5$, $6$, $apr1$, $P$, and $H$. These strings usually carry the strongest family evidence and often include salt or cost data.
Tagged and database formats LDAP tags such as {SSHA}, MySQL-style * plus 40 hex characters, PostgreSQL-style md5 plus 32 hex characters, DCC2 strings, and Oracle-style S: values. Wrappers and product-specific markers can be more meaningful than digest length.
Plain encoded digests Hexadecimal lengths of 8, 16, 32, 40, 56, 64, 96, and 128 characters, plus common padded Base64 lengths. These checks can find candidates, but many families share the same visible length.
Attention checks Unsupported lengths, incomplete Base64 padding, mixed wrapper text, or values that look hash-like but do not match a supported shape. These rows usually need the original export, a cleaner copy, or vendor documentation.

Hexadecimal length is easy to count because each byte becomes two hex characters. Base64 is less direct because the encoding works in three-byte groups and uses padding when the final group is short. That is why a Base64-looking value with missing or inconsistent padding can move from a candidate to a cleanup warning.

Underlying bytes Typical hex length Typical padded Base64 shape Common overlap
16 32 hex characters 22 characters plus == MD5, MD4, NTLM, and other 128-bit outputs.
20 40 hex characters 27 characters plus = SHA-1 and RIPEMD-160.
32 64 hex characters 43 characters plus = SHA-256 and SHA3-256.
64 128 hex characters 86 characters plus == SHA-512, SHA3-512, Whirlpool, and related 512-bit outputs.

Modern password hashes are usually better identified by structure than by digest size. Argon2 strings commonly carry a variant, version, memory cost, iteration count, parallelism, salt, and hash. bcrypt strings carry a version marker, cost, salt, and checksum in a compact modular crypt format. PBKDF2 variants often carry the digest family and iteration count. Those embedded fields are part of what a verifier needs, so removing them can make a real password hash unusable.

Directory and database formats add another source of clues. LDAP-style scheme tags such as {SHA}, {SSHA}, and {SMD5} name how the following Base64 value should be interpreted. PostgreSQL MD5 authentication strings and MySQL 4.1-style password hashes have product-specific wrappers. These clues help route records, but they do not make old or legacy methods safe.

A label in copied text should be handled carefully. If a line begins with SHA256: and the remaining value is 64 hexadecimal characters, the label is useful source context, but the normalized token still has the same visible shape as SHA-256 and SHA3-256. The safer record is "64-hex digest with a SHA256 source label" until the producing system or verifier confirms the algorithm.

Privacy and Security Notes:

The checker analyzes pasted text and supported local files in the browser. It does not need to upload hash input to classify rows. Privacy can still be lost through user actions, so handle exported tables, copied rows, downloaded JSON, saved browser history, and shared URLs as credential-adjacent material.

  • Local history: when Save history is on, recent lookup snapshots are kept in the same browser and can include the original pasted text.
  • Shared URLs: when Share input in URL is on, short input can appear in the address bar and in anything that stores or forwards that address.
  • Exports: CSV, DOCX, image, and JSON downloads can preserve normalized values, evidence, candidate names, and copied source text.
  • Security meaning: identifying a format does not verify a password, rate password strength, crack a hash, or prove that a stored value is safe to keep.

Worked Examples:

Input used Expected output cues How to read it
$2b$12$abcdefghijklmnopqrstuu6hPXYe7tv6CBlUX4t2PzIVcjzR2ZxLe Status: Strong signal. Top signal: bcrypt. Candidates: bcrypt. The $2b$ marker, cost field, and fixed payload shape are strong format evidence. Confirm the cost and verifier before migration.
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 Status: Ambiguous overlap. Top signal: 64-char hex overlap. Candidates: SHA-256 and SHA3-256. The value has a valid 64-hex shape, but length alone does not prove which 256-bit digest family produced it.
SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 with Smart cleanup. Status: Ambiguous overlap. Evidence: the normalized token is still a 64-character hex value. Smart cleanup can remove the label, but the label is not treated as proof. Keep the label in your notes and confirm it against the source system.
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= Status: Pattern match. Top signal: Base64-SHA-256. Candidates: Base64-SHA-256. A 43-character Base64 body plus = padding fits a 32-byte digest. Confirm that the source stores raw digests in Base64.
a9f3c4d5e6b7a8c9d0e1f2a3b4c5d6 Status: Cleanup likely. Top signal: Cleanup needed. Thirty hex characters is not one of the supported full digest lengths. Check whether the value was truncated during copy or export.

FAQ:

Can a visible hash string prove the algorithm?

Sometimes it can provide strong evidence, especially with markers such as $argon2id$, $2b$, or {SSHA}. Plain hex and Base64 values often need source-system or verifier confirmation.

Does this verify passwords or crack hashes?

No. It classifies visible formats and suggests verification steps. It does not test a password, recover an input, check account validity, or measure resistance to guessing.

Why did Smart cleanup change my input?

Smart cleanup removes common copy wrappers, short labels, and surrounding text when one clear hash-like token remains. Use Strict raw values when the wrapper itself may be evidence.

Why is a value labeled SHA256 still ambiguous?

The normalized value may still be only 64 hexadecimal characters, which also fits SHA3-256. Treat the label as source context and confirm it with the producing system.

Are local files uploaded?

TXT, LOG, and CSV files are read in the browser for classification. Saved history, shared URLs, copied rows, and downloaded exports can still retain sensitive values on your device or wherever you send them.

Why did the row count drop after pasting a list?

Collapse duplicates is probably on. Repeated normalized values are analyzed once. Turn it off when duplicate rows from the original export need to remain visible.

Glossary:

Digest
A fixed-size value produced by a hash function from an input.
Salt
Random or unique data stored with a password hash so equal passwords do not produce equal stored values.
Cost factor
A work setting, iteration count, memory setting, or related parameter that changes how expensive verification is.
Modular crypt
A password-hash string style that uses $-separated markers and fields to carry the scheme and verification data.
Scheme tag
A visible wrapper such as {SSHA} that names how a directory password value should be interpreted.
Verifier
The password-hash or authentication code path that checks whether a supplied password matches a stored value.

References: