RIPEMD-160 Hash Generator

RIPEMD-160: the European hash that powers Bitcoin addresses

RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) is a cryptographic hash function published in 1996 by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the Catholic University of Leuven, Belgium. It came out of the European RIPE project (Race Integrity Primitives Evaluation, 1988–1993), the EU equivalent of the U.S. push that gave us SHA. The output is 160 bits (20 bytes, 40 hex chars), the same width as SHA-1, but the internal design is very different.

The original RIPEMD (1992, 128 bits) was structurally similar to MD4 and was broken in 2004. RIPEMD-160 — together with the 128/256/320 variants — was the reinforced redesign. Its compression function runs two parallel processing lines with different round functions and constants, combined at the end. This defensive structure makes differential attacks much harder than on single-line MD-family hashes.

Why Bitcoin uses RIPEMD-160

RIPEMD-160's most famous deployment is inside the Bitcoin address. A standard P2PKH (Pay-to-Public-Key-Hash) address is computed as:

address = Base58Check( 0x00 || RIPEMD-160( SHA-256( public_key ) ) )

Compressing 32 bytes down to 20 keeps addresses short enough to encode in Base58. Satoshi also chose defense in depth: a break in SHA-256 alone, or RIPEMD-160 alone, does not compromise the address. Ethereum, in contrast, uses Keccak-256 only.

Security and performance

RIPEMD-160 targets 80-bit collision resistance — weaker than SHA-256 (128-bit) but still without a practical attack in 2026. Speed is comparable to SHA-1. Crucially, it was never patented, unlike many hash designs of the era — that openness helped its adoption in cryptocurrency. Other historical users: TrueCrypt (HMAC-RIPEMD-160 inside the volume header) and OpenPGP key fingerprints.

When to use it today

• Bitcoin / cryptocurrency tooling — anything dealing with P2PKH addresses or BIP-141 witness programs.
• Identity fingerprints where a 160-bit ID is enough and collisions are not adversarial.
• Avoid for new general-purpose signatures or TLS — choose SHA-256, SHA-3 or BLAKE2/3.

FAQ

Is RIPEMD-160 still safe? Yes for non-adversarial identification (fingerprints, address derivation). No known practical collision attack has been published as of 2026, but the 80-bit security margin is well below modern recommendations of 128 bits.

How does it compare to SHA-1? Same output size and similar speed, but RIPEMD-160 has held up better to cryptanalysis — SHA-1 collisions were demonstrated (SHAttered, 2017) while RIPEMD-160 has none. It is also an open European standard with no patent history.

Will Bitcoin ever migrate away from RIPEMD-160? There is no active proposal. Taproot (BIP-341) already uses SHA-256 internally for new address types, but legacy P2PKH addresses will keep RIPEMD-160 essentially forever for backward compatibility.

Does this tool send my data to a server? No. The hash is computed entirely in your browser via JavaScript — your input never leaves the page.