Example hashes
by format.
A quick reference for the hash formats most commonly encountered in forensic and password recovery work. For each: the plaintext password (unless otherwise noted), the hash output, and the typical context.
| Format | Example | Context |
|---|---|---|
| MD5 | 5f4dcc3b5aa765d61d8327deb882cf99 | Legacy password hashes, file checksums, HMAC. Never use for new passwords. |
| SHA-1 | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 | Git object IDs, legacy TLS, some password databases. |
| SHA-256 | 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 | TLS certificates, Bitcoin, HMAC. Typically paired with a KDF for password use. |
| SHA-512 | b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 | Linux $6$ crypt, HMAC, modern digital signatures. |
| Cisco Type 7 | 0822455D0A16 | IOS running-config after service password-encryption. Reversible XOR. |
| Office 2013+ | $office$*2013*100000*256*16*… | Emitted by office2john.py from .docx/.xlsx/.pptx. AES-256, SHA-512, 100k iterations. |
| ODF 1.2 | $odf$*1*1*1024*32*… | Emitted by libreoffice2john.py. AES-256 or Blowfish, PBKDF2-SHA-1. |
| PKZIP / ZIP 2.0 | $pkzip2$… | Emitted by zip2john. Traditional ZIP encryption. |
| RAR5 | $rar5$16$… | Emitted by rar2john. PBKDF2 over archive header. |
| NTLM | 8846f7eaee8fb117ad06bdd830b7586c | Windows local account password hash. MD4 over UTF-16LE plaintext. |
| bcrypt | $2b$12$GhvMmNVjRW29ulnudl.LbuAnUtN/LRfe1JsBm1Xu6LE3059z5Tr8m | Modern password KDF. Resistant to GPU brute-force. Not currently supported by our online tool. |
John the Ripper tutorial
How to install John, feed it hashes from *2john extractors, and tune wordlists.
Hashcat tutorial
GPU-accelerated cracking with Hashcat — mode flags, rules, mask attacks.