Hash Identifier Tool (Reverse Lookup) | Auto-detect MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, Argon2
Paste a hash-looking string and this tool guesses which algorithm — MD5, SHA-1, SHA-256, SHA-512, SHA-3, BCrypt, or Argon2 — most likely produced it, based on its length, character set, and prefix. Everything runs entirely in your browser.
A hash value itself does not record the name of the algorithm used to generate it. Because several algorithms can share the same output length, this result is the "most likely guess" based on length, character set, and prefix — not a 100% certain conclusion.
Tips for identifying hashes
- The identification only uses length, character set (hex vs. Base64), and prefix as clues — it does not recompute the hash to verify it. It only shows candidates that can be inferred from the format.
- BCrypt (
$2a$/$2b$/$2y$) and Argon2 ($argon2id$, etc.) embed the algorithm name and parameters directly in the prefix, so they can be identified with high confidence. - A 64-character hex string is most commonly SHA-256, but SHA3-256 produces the same length, so if you know the source system's language or library, use that information as well.
- Hash dumps copied across multiple lines (separated by line breaks or spaces) are automatically stripped of internal whitespace before identification, so you can paste them as-is.
- If you are not confident in the result, the most reliable approach is to check the source of the hash — the application's source code or documentation.
Frequently Asked Questions
$2b$ or $argon2id$. As long as this information can be read, the algorithm can be pinned down uniquely.
Side Note — Why a hash value alone can't pin down the algorithm
A hash function's job is to convert input data into a fixed-length output, and that output (the digest) itself contains no metadata indicating which algorithm produced it. This is an inevitable consequence of its design: embedding metadata would change the output length, breaking the "fixed length" property that is essential to a cryptographic hash function. That leaves only the "appearance" of the output — its length and character set — as a clue.
This limitation shows up most clearly in the relationship between the SHA-2 and SHA-3 families. SHA-256 and SHA3-256 have completely different internal structures (SHA-2 uses a Merkle–Damgård construction, SHA-3 uses a sponge construction), yet both are designed to produce a 256-bit output — 64 hexadecimal characters. The same relationship holds for SHA-224/SHA3-224, SHA-384/SHA3-384, and SHA-512/SHA3-512, so output length alone can never settle which one it is. Since SHA-2 is overwhelmingly more common in practice, this tool presents the SHA-2 variant as the leading candidate when lengths match, but that is ultimately a statistical guess.
Password-hashing algorithms such as BCrypt and Argon2, on the other hand, resolve this ambiguity by adopting a self-describing format known as Modular Crypt Format. Strings like $2b$12$... or $argon2id$v=19$... embed the algorithm name, version, and parameters as text at the front of the hash, making it possible to uniquely reconstruct how the value was computed just by looking at it. Whenever you encounter a hash in this format, a definitive identification becomes possible.
This kind of identification work comes up in real scenarios — investigating password dumps recovered from legacy systems, or cryptography challenges in CTF (Capture The Flag) security competitions. Narrowing down the algorithm from a hash value alone lets you efficiently decide which analysis tool or cracking approach to try next, such as which attack mode to select in Hashcat.