Whirlpool Hash Generator

Compute the 512-bit Whirlpool cryptographic digest

Free Whirlpool hash generator that computes the full 512-bit ISO/IEC 10118-3 digest of any text using the Miyaguchi-Preneel construction. Faithful pure-JavaScript implementation that runs entirely in your browser; nothing is uploaded. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Is my text sent to a server?

No. The Whirlpool digest is computed in pure JavaScript entirely in your browser. Your text never leaves your device and nothing is uploaded.

This tool computes the Whirlpool hash of any text and shows the full 512-bit digest as a 128-character hexadecimal string. Whirlpool is a cryptographic hash designed by Vincent Rijmen (co-author of AES) and Paulo Barreto, standardised in ISO/IEC 10118-3. Its AES-inspired internal structure makes it attractive for contexts where a 512-bit digest from a well-studied, independently reviewed algorithm is preferred over SHA-512.

How Whirlpool works

Whirlpool is built with the Miyaguchi-Preneel construction: a dedicated 512-bit block cipher called W is used as a compression function, where the message block is the plaintext and the running hash is the key. For each block the output is:

new_state = W(state, block) XOR block XOR state

This double-feed-forward construction makes the compression function one-way even if the underlying cipher is inverted.

The cipher W operates on an 8x8 matrix of bytes for 10 rounds. Each round applies:

  1. SubBytes — a non-linear S-box substitution built from three 4-bit mini-boxes (a mini-cipher followed by its inverse, then XOR)
  2. ShiftColumns — a cyclic permutation of the columns by different amounts
  3. MixRows — each row multiplied by a Maximum Distance Separable (MDS) matrix in GF(2^8) with the reduction polynomial 0x11D
  4. AddRoundKey — XOR with a round constant derived by running the same W transformation over a scheduled key

The key schedule reuses the same full-round transformation, so the algorithm has only one moving part. This implementation generates the S-box and the eight 64-bit round lookup tables at runtime, and uses BigInt for exact 64-bit row arithmetic, reproducing the official ISO test vectors precisely.

Whirlpool versus SHA-512

Both produce 512-bit digests, but their lineage is different:

PropertyWhirlpoolSHA-512
Design basisAES-like (SPN) cipherMerkle-Damgård with SHA-1-style rounds
Standardised byISO/IEC 10118-3NIST FIPS 180-4
Block size512-bit1024-bit
Rounds1080
Speed (typical)Slower in softwareFaster in software
HardwareNo dedicated accelerationSHA-NI not present for SHA-512 on most CPUs

Whirlpool’s narrower block size means it processes short inputs quickly but falls behind on large data volumes compared to SHA-512. Its AES-style design means it benefits from the same mathematical security analysis that has scrutinised AES for decades.

When you might encounter Whirlpool

  • Password hashing schemes: some versions of TrueCrypt/VeraCrypt support Whirlpool for key derivation
  • Some academic and European cryptography standards specify Whirlpool as an alternative 512-bit hash
  • Legacy systems from the early 2000s that chose Whirlpool before SHA-512 was as widely adopted

Reference values

  • Empty string: 19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3
  • abc: 4e2448a4c6f486bb16b6562c73b4020bf3043e3a731bce721ae1b303d97e6d4c7181eebdb6c57e277d0e34957114cbd6c797fc9d95d8b582d225292076d4eef5

Use these to verify that any Whirlpool implementation is computing correctly. Whirlpool is a cryptographic hash for integrity, not a password hash — for storing passwords use a slow, salted function such as bcrypt or Argon2. Everything here runs locally in your browser; nothing is uploaded.