CDRN

Generate a hash: MD5, SHA-256, SHA-512, bcrypt, Argon2

  • Dashboard
  • Documentation
  • API
hash a string with the main algorithms (MD5, SHA-1, SHA-256, SHA-512, bcrypt, Argon2id). Useful for storing passwords or signing data in a non-reversible way

Why use password hashing?

Password hashing is essential to secure sensitive information, such as user passwords. Rather than storing passwords in plain text, hashing converts them into a random, irreversible string. This protects passwords even in case of a database breach, because the hash cannot easily be reversed to recover the original password.

Features of the password hashing tool

This password hashing tool uses secure algorithms to generate high-quality hashes. You can pick from various hashing algorithms, such as SHA-256, SHA-512, bcrypt, or other algorithms recognised for their security.

How to use the hashing tool

On the usage page, you can enter the password to hash in the dedicated text area. Pick the desired hashing algorithm and click the button to generate the hash.

Once the hash is generated, it will be displayed in a result area. You can copy the hash to use it in your application or secure database.

Example of a hashed password

Here is an example of the password "password123" hashed using the bcrypt algorithm: 


$2y$10$8Y1q1L6z0pcpO8fJcoJP3OzJ1i9gyThBVWy50MXKuR8ymyZvW9G7e

Frequently asked questions

Why not use SHA-256 directly to store passwords?

SHA-256 is too fast. A modern GPU can test several billion SHA-256 hashes per second, making brute-force or dictionary attacks trivial on common passwords. For password storage, use intentionally slow and memory-hard functions like bcrypt, scrypt or argon2id. They integrate a salt and an adjustable cost factor to resist hardware progress.

What is the difference between MD5, SHA-1 and SHA-256?

MD5 (128 bits) and SHA-1 (160 bits) are old algorithms, considered broken in cryptography: collisions can be produced in practice. SHA-256 (256 bits) belongs to the SHA-2 family and remains the modern standard for integrity fingerprints, TLS certificates or package signatures. For a new project, systematically go with SHA-256 or SHA-512.

What is the salt for in a password hash?

The salt is a random string added to the password before hashing. It ensures that two users choosing the same password get two different hashes, which prevents the use of precomputed tables (rainbow tables) and forces the attacker to attack each account individually. bcrypt, scrypt and argon2 automatically handle the salt, which is stored in the resulting string.

Why does the same password hashed with bcrypt give a different result on each run?

Because bcrypt generates a random salt on each call and embeds it in the final hash. The $2y$10$<salt><hash> format packs cost, salt and fingerprint in a single string. To verify a password, you extract the salt from the stored hash and rehash the candidate password with that same salt: that is what password_verify() does in PHP.

bcrypt, scrypt or argon2: which to pick?

argon2id is the recommended choice by OWASP in 2026: it combines resistance to GPU and ASIC attacks thanks to an adjustable memory cost. scrypt is a good alternative if argon2 is not available. bcrypt remains very widespread and acceptable for many uses, with a cost of at least 12. To absolutely avoid: MD5, SHA-1, SHA-256 or SHA-512 used alone to store a password.

Is the password sent to a server during hashing?

For purely client-side algorithms (MD5, SHA-1, SHA-256, SHA-512) computation can run in the browser via the Web Crypto API. For bcrypt, the native PHP implementation is used server-side because no standard browser API exposes it. In every case, the password only travels over HTTPS, is neither logged nor stored, and the returned hash can be copied for later use.

Example request

curl -X POST https://cdrn.fr/api/v1/tools/hash-generator/execute \
  -H "Content-Type: application/json" \
  -d '{"texte":"...","algorithm":"adler32"}'

Input schema

Field Type Required Default
texte text
algorithm choice (adler32, argon2i, argon2id, bcrypt, crc32, crc32b, crc32c, fnv132, fnv164, fnv1a32, fnv1a64, gost, gost-crypto, haval128,3, haval128,4, haval128,5, haval160,3, haval160,4, haval160,5, haval192,3, haval192,4, haval192,5, haval224,3, haval224,4, haval224,5, haval256,3, haval256,4, haval256,5, joaat, md2, md4, md5, murmur3a, murmur3c, murmur3f, ripemd128, ripemd160, ripemd256, ripemd320, sha1, sha224, sha256, sha3-224, sha3-256, sha3-384, sha3-512, sha384, sha512, sha512/224, sha512/256, snefru, snefru256, tiger128,3, tiger128,4, tiger160,3, tiger160,4, tiger192,3, tiger192,4, whirlpool, xxh128, xxh3, xxh32, xxh64)

Endpoints

  • GET https://cdrn.fr/api/v1/tools - lists every available tool
  • GET https://cdrn.fr/api/v1/tools/hash-generator - returns the schema for this tool
  • POST https://cdrn.fr/api/v1/tools/hash-generator/execute - runs this tool with a JSON payload