About Hash Lab

Hash Lab is a small interactive corner of guptadeepak.com for learning what cryptographic hash functions actually do, by running them. Every hash is computed in your browser; no input ever leaves the page; no analytics watches what you type.

Why this exists

I've been writing about identity, authentication, and applied cryptography for a long time. I first started while founding LoginRadius in 2013 (which grew into a CIAM platform handling 1B+ identities), and continue now through long-form pieces on this site. Hash functions are the load-bearing primitive under nearly all of it: password storage, file integrity, webhook signing, content-addressed storage, blockchains.

Long-form articles explain hash functions well. But the moment a reader can type into a hash function (change one character, watch the entire output shuffle, drop a file and watch SHA-256 stream over 128 MB in three seconds) the properties stop being abstract. That's what this lab is for.

What's here

• Identifier: paste a hash, learn which algorithm produced it.
• Properties: type any input and watch the five hash properties play out.
• Compare: every algorithm, same input, side by side, with throughput numbers.
• File hash: drag-and-drop a file; stream-hash it locally.
• HMAC: the construction underneath AWS V4 signing, Stripe webhooks, JWT HS256.
• Password hashing: Argon2id, bcrypt, scrypt with tunable cost factors.
• Algorithm reference: one card per algorithm with the deep dive linked.

What's deliberately not here

This is not a hash-cracking tool, not a rainbow-table service, not a place to paste production secrets. The password-hash demo uses a fixed salt and is for visualizing work factors. Never use a fixed-salt hash in production.

How it's built

Static Next.js export, deployed on Cloudflare Workers alongside the rest of guptadeepak.com. Hashing uses the Web Crypto API for SHA-1/2 + HMAC, and the excellent hash-wasm for everything else (MD5, SHA-3, BLAKE2/3, RIPEMD-160, bcrypt, scrypt, Argon2id). hash-wasm is loaded lazily, so pages that don't need it never pull it in.

Predecessor

Hash Lab supersedes hashing-tools.guptadeepak.com. That subdomain now 301-redirects here.

Questions, corrections, or an algorithm you wish was here? Mail hello@guptadeepak.com.