This tool computes the Whirlpool hash of any text and shows the full 512-bit digest as a 128-character hexadecimal string. Whirlpool is a cryptographic hash designed by Vincent Rijmen (co-author of AES) and Paulo Barreto, standardised in ISO/IEC 10118-3. Its AES-inspired internal structure makes it attractive for contexts where a 512-bit digest from a well-studied, independently reviewed algorithm is preferred over SHA-512.
How Whirlpool works
Whirlpool is built with the Miyaguchi-Preneel construction: a dedicated 512-bit block cipher called W is used as a compression function, where the message block is the plaintext and the running hash is the key. For each block the output is:
new_state = W(state, block) XOR block XOR state
This double-feed-forward construction makes the compression function one-way even if the underlying cipher is inverted.
The cipher W operates on an 8x8 matrix of bytes for 10 rounds. Each round applies:
- SubBytes — a non-linear S-box substitution built from three 4-bit mini-boxes (a mini-cipher followed by its inverse, then XOR)
- ShiftColumns — a cyclic permutation of the columns by different amounts
- MixRows — each row multiplied by a Maximum Distance Separable (MDS) matrix in GF(2^8) with the reduction polynomial 0x11D
- AddRoundKey — XOR with a round constant derived by running the same W transformation over a scheduled key
The key schedule reuses the same full-round transformation, so the algorithm has only one moving part. This implementation generates the S-box and the eight 64-bit round lookup tables at runtime, and uses BigInt for exact 64-bit row arithmetic, reproducing the official ISO test vectors precisely.
Whirlpool versus SHA-512
Both produce 512-bit digests, but their lineage is different:
| Property | Whirlpool | SHA-512 |
|---|---|---|
| Design basis | AES-like (SPN) cipher | Merkle-Damgård with SHA-1-style rounds |
| Standardised by | ISO/IEC 10118-3 | NIST FIPS 180-4 |
| Block size | 512-bit | 1024-bit |
| Rounds | 10 | 80 |
| Speed (typical) | Slower in software | Faster in software |
| Hardware | No dedicated acceleration | SHA-NI not present for SHA-512 on most CPUs |
Whirlpool’s narrower block size means it processes short inputs quickly but falls behind on large data volumes compared to SHA-512. Its AES-style design means it benefits from the same mathematical security analysis that has scrutinised AES for decades.
When you might encounter Whirlpool
- Password hashing schemes: some versions of TrueCrypt/VeraCrypt support Whirlpool for key derivation
- Some academic and European cryptography standards specify Whirlpool as an alternative 512-bit hash
- Legacy systems from the early 2000s that chose Whirlpool before SHA-512 was as widely adopted
Reference values
- Empty string:
19fa61d75522a4669b44e39c1d2e1726c530232130d407f89afee0964997f7a73e83be698b288febcf88e3e03c4f0757ea8964e59b63d93708b138cc42a66eb3 abc:4e2448a4c6f486bb16b6562c73b4020bf3043e3a731bce721ae1b303d97e6d4c7181eebdb6c57e277d0e34957114cbd6c797fc9d95d8b582d225292076d4eef5
Use these to verify that any Whirlpool implementation is computing correctly. Whirlpool is a cryptographic hash for integrity, not a password hash — for storing passwords use a slow, salted function such as bcrypt or Argon2. Everything here runs locally in your browser; nothing is uploaded.