Cryptographic hash functions process data of arbitrary size and produce an output (hash) of a fixed size. Because the algorithm strictly defines the size and character set of the output, we can often deduce the likely algorithms that produced a hash simply by looking at its length and pattern.
- Hexadecimal Length: A 32-character hexadecimal string is 128 bits long, strongly suggesting MD5, NTLM, or MD4. A 64-character hex string is 256 bits long, almost certainly indicating SHA-256.
- Prefix Identifiers: Password hashing schemes often include identifying prefixes. For example, a hash starting with `$2a$`, `$2y$`, or `$2b$` is unmistakably Bcrypt. Hashes starting with `$argon2i$` or `$argon2id$` are Argon2.
- Caveat: Multiple different algorithms can produce outputs of the exact same length and character set (e.g., MD5 and NTLM). In these cases, it is impossible to know for certain without context, so this tool will list all likely candidates.
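
The checks described above can be combined into one classifier. The following is an added example, not this tool's own code: `identify_hash`, its result fields, and the sample strings are assumptions made for illustration, and the candidate table is limited to the algorithms named above. It also flags a bcrypt prefix whose body is not the 53 characters (22 salt + 31 digest) that a complete bcrypt string carries.

```python
import re

# Hex length (characters) -> candidates, limited to the algorithms the page names.
HEX_CANDIDATES = {32: ["MD5", "NTLM", "MD4"], 64: ["SHA-256"]}

# Bcrypt layout: $<version>$<2-digit cost>$ then 22 salt + 31 digest characters.
BCRYPT_RE = re.compile(r"^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]*)$")
ARGON2_RE = re.compile(r"^\$(argon2id|argon2i)\$")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def identify_hash(value):
    """Return candidates, whether the match is ambiguous, and a short reason."""
    s = value.strip()  # pasted hashes often carry stray whitespace or newlines
    m = BCRYPT_RE.match(s)
    if m:
        ok = len(m.group(3)) == 53
        note = f"cost {int(m.group(2))}" if ok else "body is not 53 characters (truncated?)"
        return {"candidates": ["Bcrypt"], "ambiguous": False, "well_formed": ok,
                "reason": f"prefix ${m.group(1)}$, {note}"}
    m = ARGON2_RE.match(s)
    if m:
        return {"candidates": ["Argon2"], "ambiguous": False, "well_formed": True,
                "reason": f"prefix ${m.group(1)}$"}
    if HEX_RE.match(s):
        found = HEX_CANDIDATES.get(len(s), [])
        return {"candidates": found, "ambiguous": len(found) > 1, "well_formed": True,
                "reason": f"{len(s)} hex characters = {len(s) * 4} bits"}
    return {"candidates": [], "ambiguous": False, "well_formed": False,
            "reason": "no known prefix and not a hexadecimal string"}


# Constructed sample inputs (the bcrypt and Argon2 strings are placeholders, not real hashes).
SAMPLES = [
    "d41d8cd98f00b204e9800998ecf8427e",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "$2b$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234",
    "$2y$10$tooShort",
    "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$cGxhY2Vob2xkZXI",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:24].ljust(24), identify_hash(sample))
```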