Hash Preimage Finder
Watch a bounded, local brute-force search recover a weak hash input in seconds, or run out of keyspace on anything with real entropy. No wordlist, no table, just your browser. A demonstration of why fast, unsalted hashes fail.
Hashing & cryptoA fast hash of a low-entropy input is trivially reversible by enumeration, as you just saw. Real password storage defends against this in three layers.
A unique random salt per password makes every stored hash different, even for identical passwords. That is what breaks lookup services like CrackStation: a precomputed table would need rebuilding for every salt, so it becomes useless.
bcrypt, scrypt, Argon2, and PBKDF2 are deliberately slow and tunable. Making each guess cost milliseconds instead of nanoseconds cuts an attacker's rate by six orders of magnitude or more, turning a seconds-long crack into millennia.
MD5 and SHA-1 are collision-broken and, like SHA-256, far too fast for storing secrets. Use a purpose-built password hash, and give secrets enough length and randomness that no keyspace search can reach them.
Everything runs locally in your browser. Nothing you paste is uploaded. This tool exists to demonstrate hash weakness and is bounded so it can only recover trivially weak inputs.