🔍 /

Calculate Whirlpool Hash of a String

Calculate the Whirlpool cryptographic hash (512-bit) of any string online. Supports UTF-8, ASCII, and hex input with instant results.

User Rating 0.0
Total Usage 0 times
Category Security
Is this tool helpful?

Your feedback helps us improve.

About

Whirlpool is a cryptographic hash function standardized under ISO/IEC 10118-3. It produces a 512-bit (128 hex character) digest from arbitrary-length input. The algorithm operates on an 8×8 state matrix over GF(28) using a Miyaguchi-Preneel compression scheme with 10 rounds of substitution, column shifting, row mixing, and key addition. An incorrect hash comparison during file integrity verification means you cannot detect tampering or corruption. This tool computes the full Whirlpool digest client-side. No data leaves your browser. The implementation follows the final Whirlpool specification (version 3.0, 2003) with the corrected S-box and updated round constants.

whirlpool hash hash calculator cryptographic hash 512-bit hash ISO 10118-3 checksum message digest

Formulas

Whirlpool processes message M in 512-bit blocks. After Merkle-Damgård padding, each block mi is compressed with the previous hash state Hi−1 via the Miyaguchi-Preneel scheme:

Hi = E(Hi−1, mi) Hi−1 mi

where E(K, P) is a block cipher operating on an 8×8 byte state matrix. Each of the 10 rounds applies four transformations:

S AddRoundKey(MixRows(ShiftColumns(SubBytes(S))))

SubBytes applies an S-box Sb built from exponentiation and affine transforms in GF(28) with irreducible polynomial p(x) = x8 + x4 + x3 + x2 + 1. ShiftColumns cyclically shifts column j by j positions. MixRows multiplies each row by a circulant MDS matrix over GF(28) with coefficients [01, 01, 04, 01, 08, 05, 02, 09] (hex). The padding appends bit 1, then zeros, then the message bit-length as a 256-bit big-endian integer.

Where: H0 = 0512 (all-zero initialization vector), E = Whirlpool block cipher, = bitwise XOR, mi = i-th 512-bit message block.

Reference Data

Hash AlgorithmDigest Size (bits)Block Size (bits)RoundsStructureStandardStatus
Whirlpool51251210Miyaguchi-PreneelISO/IEC 10118-3Current
SHA-25625651264Merkle-DamgårdFIPS 180-4Current
SHA-512512102480Merkle-DamgårdFIPS 180-4Current
SHA-3 (256)256108824Sponge (Keccak)FIPS 202Current
MD512851264Merkle-DamgårdRFC 1321Broken
SHA-116051280Merkle-DamgårdFIPS 180-4Broken
RIPEMD-16016051280Merkle-DamgårdISO/IEC 10118-3Legacy
BLAKE2b512102412HAIFARFC 7693Current
Tiger19251224Merkle-Damgård - Legacy
GOST R 34.11-2012256/51251212Merkle-DamgårdRFC 6986Current
Whirlpool-0 (v1)51251210Miyaguchi-Preneel - Obsolete
Whirlpool-T (v2)51251210Miyaguchi-Preneel - Obsolete

Frequently Asked Questions

Whirlpool uses a Miyaguchi-Preneel compression function built around a dedicated AES-like block cipher operating on an 8×8 byte matrix in GF(28). SHA-512 uses a Davies-Meyer Merkle-Damgård construction with 64-bit word arithmetic and 80 rounds. Whirlpool's algebraic structure (S-box from field inversion, MDS matrix) is closer to AES design philosophy. SHA-512 relies on modular addition, bitwise rotation, and Boolean functions. Both are considered secure. The choice depends on compliance requirements: Whirlpool for ISO/IEC 10118-3 contexts, SHA-512 for NIST FIPS environments.
This tool implements Whirlpool version 3.0 (2003), the final specification by Barreto and Rijmen. Version 1 (Whirlpool-0) had a weaker S-box. Version 2 (Whirlpool-T) improved the S-box but used a flawed diffusion layer. Version 3 corrected both. All round constants and lookup tables match the reference C implementation. The test vector for the empty string produces the digest starting with 19FA61D75522A466....
No. Whirlpool is a fast cryptographic hash designed for integrity verification, not password storage. A fast hash allows attackers to test billions of guesses per second. Password hashing requires deliberately slow functions such as bcrypt (cost factor ≥ 12), scrypt (memory-hard), or Argon2id. Whirlpool is appropriate for checksums, digital signatures, and HMAC constructions where speed is desirable.
The tool encodes the input string as UTF-8 bytes before hashing. A single emoji may expand to 4 bytes, and CJK characters to 3 bytes. This means the same visual string will produce different hashes under different encodings. Always specify encoding when comparing hashes across systems. This tool defaults to UTF-8, which matches most modern software.
No practical collision attack exists against full 10-round Whirlpool as of 2024. Theoretical rebound attacks reach 5 rounds with complexity around 2120. The birthday bound for a 512-bit hash is 2256 operations, far beyond any foreseeable computational capability. The algorithm remains unbroken in practice.
In Hex mode, the tool interprets the input as a sequence of hexadecimal byte values rather than text characters. For example, entering 48656C6C6F hashes the 5 bytes [0x48, 0x65, 0x6C, 0x6C, 0x6F], which is the ASCII representation of the word "Hello". This mode is useful when you need to hash raw binary data specified as hex. The input must have an even number of valid hex characters (0 - 9, A - F).