How to identify an unknown hash quickly
Learn a practical workflow for identifying unknown hash formats using length, character set, prefixes, separators, and common false positives.

The fast method
Most unknown hashes can be narrowed down by checking length, character set, and format clues. You may not identify the exact algorithm every time, but you can usually build a short list of likely candidates.
Start with the Hash Identifier tool, then use the checks below to understand why a match appears.
Step 1: Count the characters
Length is the first clue.
| Length | Common possibility |
|---|---|
| 32 hex characters | MD5, NTLM, some truncated hashes |
| 40 hex characters | SHA-1 |
| 56 hex characters | SHA-224 |
| 64 hex characters | SHA-256, SHA3-256, BLAKE2 variants |
| 96 hex characters | SHA-384 |
| 128 hex characters | SHA-512 |
Length alone is not proof. Several algorithms can produce the same length, and developers sometimes truncate hashes.
Step 2: Check the character set
Look at which characters appear:
- Hex hashes use
0-9anda-f. - Base64-like values may include uppercase, lowercase, digits,
+,/, and=. - Modular crypt formats often include
$separators. - bcrypt hashes often start with
$2a$,$2b$, or$2y$.
If a value contains characters outside hex, it is not a plain hex-encoded MD5, SHA-1, or SHA-256 hash.
Step 3: Look for prefixes and separators
Some hashes carry metadata:
$2b$12$...usually points to bcrypt.$argon2id$...points to Argon2id.{SHA}or{SSHA}may appear in LDAP-style storage.- Salted formats may include
hash:salt,salt:hash, or multiple$fields.
These markers are often more useful than length.
Step 4: Beware false matches
A 32-character hex string is not automatically MD5. It could be:
- NTLM
- A random API key
- A truncated SHA-256 value
- A database identifier
- Encrypted or encoded data that only looks like a hash
Always treat hash identification as a probability, not a guarantee.
Step 5: Verify with a known sample
If you control the original input, hash the same input with likely algorithms and compare outputs. For SHA-256, use the SHA-256 generator. If the result matches, you have strong evidence.
FAQ
Can a hash identifier recover the original password?
No. A hash identifier only guesses the likely algorithm or format. Recovering the original input is a separate cracking problem and may be impossible.
Why do several algorithms appear as candidates?
Many algorithms share output length and character sets. A good identifier should rank candidates and explain why each one matched.
Should I paste real password hashes into online tools?
Avoid pasting sensitive production hashes into public tools. Use test values or local/internal tooling for real incident response.
