Tools / Hash Identifier
Hash Identifier
Paste any hash string to instantly identify its type. The tool checks the length, character set, and prefix against known hash formats including MD5, SHA family, bcrypt, NTLM, and common Unix crypt variants.
Identification result
Hash length reference
| Algorithm | Hex length | Bits |
|---|---|---|
| MD5 / NTLM | 32 | 128 |
| SHA-1 | 40 | 160 |
| SHA-224 | 56 | 224 |
| SHA-256 | 64 | 256 |
| SHA-384 | 96 | 384 |
| SHA-512 | 128 | 512 |
How it works
Most hex-encoded hashes can be identified purely by their character count. MD5 always produces 128 bits, which encodes to exactly 32 hex characters. SHA-1 produces 160 bits (40 hex chars), SHA-256 produces 256 bits (64 hex chars), and SHA-512 produces 512 bits (128 hex chars). If a hash uses a non-hex alphabet or has a recognizable prefix like $2a$ or $6$, the format can be determined immediately.
NTLM hashes are 32 hex characters - the same length as MD5. The key difference is that NTLM hashes are typically presented in uppercase. When you encounter an ambiguous 32-char hex hash, context matters: hashes from Windows environments are likely NTLM, while hashes from web applications are more likely MD5.
Hash challenges appear frequently in picoCTF forensics and cryptography categories. Look for hash-related challenges in the picoCTF 2024 and picoCTF 2025 crypto challenge sets.
Bcrypt hashes have a distinctive structure: they begin with $2a$, $2b$, or $2y$, followed by the cost factor (work factor) and then a 53-character Base64-encoded string combining salt and hash. The cost factor is a number like 10 or 12 that controls how many iterations are performed. SHA-512-crypt (used in modern Linux /etc/shadow) starts with $6$.
Once you have identified the hash type, the next step in a CTF is usually cracking it. Short or common passwords can be cracked with a wordlist attack using tools like hashcat or john. The correct hashcat mode number depends on the algorithm - for example, -m 0 for MD5, -m 100 for SHA-1, and -m 1800 for SHA-512-crypt. Identifying the type correctly before attempting to crack saves significant time.
In forensics challenges, hashes are also used to verify file integrity. If a challenge provides a hash alongside a downloaded file, verify that the hash matches before analyzing the file - a mismatch could indicate the file was modified or corrupted, which is itself sometimes a clue in the challenge.
Once you have identified the hash type here, use the Checksum Calculator to compute hashes of candidate inputs and verify them against the target. Together, these two tools cover the full identify-then-verify workflow common in CTF hash challenges.