Tiger Hash Generator

Tiger: the 64-bit-native hash from Cambridge

Tiger is a cryptographic hash function designed by Ross Anderson (University of Cambridge) and Eli Biham (Technion, Israel) in 1995. Its standard output is 192 bits (24 bytes, 48 hex chars). Truncated variants Tiger/160 and Tiger/128 simply drop the trailing bits when a smaller digest is needed. There is also Tiger2, a tweaked version with the same compression function but a different padding byte (0x80 instead of 0x01), recommended for new deployments.

Tiger was the first cryptographic hash explicitly optimised for 64-bit CPUs — bold in 1995, when even the Pentium was still 32-bit. Internally it follows the Merkle–Damgård paradigm with a compression function that mixes the message with four large S-boxes (8 × 256 entries of 8 bytes each — about 16 KiB of lookup tables). Three passes per block, each with eight rounds, give 24 rounds total.

Where Tiger was used: P2P file sharing

Tiger's main historical foothold was the Tiger Tree Hash (TTH), a Merkle-tree construction over 1 KiB leaves that became the de-facto integrity primitive in mid-2000s P2P networks: Direct Connect / DC++, Gnutella2 and early BitTorrent alternatives. The tree structure allowed verification of individual chunks of large files, which mattered when downloads were resumable across many peers. BitTorrent itself eventually standardised on SHA-1 and, with BitTorrent v2, SHA-256.

Performance and security

On pure 64-bit code Tiger is very fast — around 600 MB/s on an Athlon 64 from the mid-2000s, comparable to SHA-1 of that era. On modern CPUs, however, SHA-256 enjoys SHA-NI hardware acceleration on Intel/AMD and Cortex-A, which Tiger does not. Security-wise Tiger has never been broken: the best published cryptanalysis attacks reduced-round variants but the full 24-round hash stands. There is no NIST or ISO standardisation, however, which limited mainstream adoption.

Library support today

• libgcrypt and Crypto++ still ship Tiger and Tiger2.
• OpenSSL removed Tiger in the 3.x line — earlier versions exposed it via the legacy provider.
• Use cases today: maintaining or interoperating with legacy DC++/Gnutella2 file pools, or analysing historical archives — there is little reason to pick Tiger for new designs.

FAQ

Did Tiger ever replace SHA-1? No. SHA-1 won the standardisation race (FIPS 180-1) and was already deep in TLS, X.509 and Git by the time Tiger landed in libraries. Tiger remained a niche choice for P2P file sharing.

Is Tiger still used in production? Mostly in legacy P2P stacks (DC++ hubs are still alive in some communities) and in a handful of custom-built systems. Mainstream protocols moved to SHA-2 long ago.

Is Tiger faster than SHA-256? Yes in pure 64-bit software, but no on hardware that supports SHA-NI extensions, because SHA-256 then runs in dedicated silicon while Tiger still walks through 16 KiB of S-boxes.

Tiger vs Tiger2: which to choose? Tiger2 — the padding fix aligns it with the rest of the hash family (MD5, SHA-1, SHA-2 all pad with 0x80). Both produce the same 192-bit output but with different digests for the same input.

Does this tool send my data to a server? No. The hash is computed entirely in your browser via JavaScript — your input never leaves the page.