Hash Lab
Cryptographic hash functions, explained by running them.
Compute, identify, and compare 14 algorithms: SHA-2, SHA-3, BLAKE2/3, Argon2id, HMAC, the retired ones too. Everything runs in your browser; nothing uploads anywhere.
Pick a tool
- Hash identifier
Paste any hash and we'll tell you which algorithm produced it.
- Properties demo
Compute a hash live and see deterministic, avalanche, and one-way behavior.
- Algorithm compare
Run every algorithm against the same input: output, throughput, security side by side.
- File hash
Drop a file. Stream-hash it in your browser. Verify against a publisher's reference.
- HMAC signing
Compute HMAC-SHA256/384/512 signatures: the AWS / Stripe / GitHub webhook flavor.
- Password hashing
Argon2id, bcrypt, scrypt. Drag the cost sliders and feel the work factor.
All 14 algorithms
See the full index →10 secure · 2 deprecated · 2 broken
- MD5broken
The world's most famous hash function, still everywhere despite being completely broken for security purposes since 2004.
- SHA-1broken
The standard hash of the late-'90s web. Demonstrably collidable since 2017's SHAttered, but TLS, Git, and JWT all still ship code paths that touch it.
- SHA-256secure
The default cryptographic hash for the modern web. TLS certificates, Bitcoin, GitHub's new object IDs: all SHA-256 underneath.
- SHA-384secure
Truncated SHA-512: the awkward middle child of the SHA-2 family. Mandated by NSA Suite B at the TOP SECRET level.
- SHA-512secure
The big sibling of SHA-256. Faster on 64-bit hardware, larger output, identical security properties.
- SHA3-256secure
Keccak under the SHA-3 banner: a totally different sponge construction from SHA-2, immune to length-extension by design.
- SHA3-512secure
The 512-bit member of the SHA-3 family. Same sponge construction, more capacity, slower throughput.
- BLAKE2bsecure
Faster than MD5, more secure than SHA-3. Quietly powers WireGuard, Argon2, libsodium, and most password managers' KDF inputs.
- BLAKE3secure
Parallelizable hashing that beats every other secure algorithm on raw throughput. Has a built-in XOF, MAC, and KDF mode.
- RIPEMD-160deprecated
The hash inside every Bitcoin and Ethereum address. Cryptographically strong-ish, but mostly here because Satoshi picked it.
- HMAC-SHA256secure
The right way to authenticate a message with a shared secret. AWS V4 signatures, Stripe webhooks, JWT HS256: all HMAC-SHA256 underneath.
- bcryptdeprecated
The first really-deliberately-slow password hash. Still everywhere (Rails, Laravel, Django defaults), but Argon2id is the modern pick.
- scryptsecure
Colin Percival's memory-hard answer to bcrypt's GPU vulnerability. Used by Litecoin and a long tail of password databases.
- Argon2idsecure
Winner of the Password Hashing Competition. Memory-hard, side-channel resistant, three tunable knobs. The 2026 default.
Read the deep dive on guptadeepak.com
Long-form companions to the interactive lab.
- All about Hashing Algorithms
The umbrella reference page for everything hashing on guptadeepak.com.
- What is Hashing? A Complete Guide for Developers and Security Professionals
Long-form 101. Start here if hashing is new to you.
- Understanding Hashing Algorithms: A Beginner's Guide
Companion 101 with worked examples.