Whirlpool Hash Generator

Whirlpool: the 512-bit hash from the AES co-author

Whirlpool is a cryptographic hash function published in 2000 by Vincent Rijmen (co-author of AES/Rijndael) and Paulo S. L. M. Barreto. It produces a fixed output of 512 bits (64 bytes, 128 hexadecimal characters). The name is a tribute to the Whirlpool Galaxy (M51). Whirlpool was one of the algorithms recommended by the European NESSIE project (New European Schemes for Signatures, Integrity and Encryption, 2000–2003) and was eventually standardized in ISO/IEC 10118-3:2018 as part of the dedicated hash functions catalog.

Internally, Whirlpool uses the Miyaguchi–Preneel construction over a dedicated 512-bit block cipher named W, which borrows heavily from AES: it operates on an 8×8 byte state with similar S-box, ShiftRows, MixColumns and AddRoundKey steps, but with 10 rounds and a larger state. Three versions were published — Whirlpool-0 (2000), Whirlpool-T (2001, improved S-box) and the final Whirlpool (2003); the 2003 version is the one referenced by ISO and OpenSSL.

Performance and security trade-offs

Whirlpool is slower than SHA-2 in pure software: typical desktop CPUs achieve roughly 200 MB/s with Whirlpool vs 400+ MB/s with SHA-256 and several gigabytes per second with BLAKE3. There is no dedicated CPU instruction for Whirlpool (unlike SHA-NI on Intel/AMD and ARMv8 crypto extensions for SHA-256). On the security side, no public attack has broken the full Whirlpool, but it has received considerably less academic scrutiny than SHA-2 or SHA-3 — the absence of attacks may reflect lack of attention as much as inherent strength.

Real-world usage

The most famous deployment is TrueCrypt and its successor VeraCrypt, where Whirlpool has been a selectable hash for volume key derivation since the early 2000s. Beyond that ecosystem, adoption is modest: TLS, the Web PKI, popular blockchains and most file-distribution checksums standardized on SHA-2. Tooling support exists in OpenSSL (openssl dgst -whirlpool), libgcrypt, and Python via hashlib.new('whirlpool') when the underlying OpenSSL build includes legacy providers.

$ echo -n "hello" | openssl dgst -whirlpool
WHIRLPOOL(stdin)= 9c1d4f1a...e6c5

Why limited adoption?

Technical merit alone does not win standards battles. By the time Whirlpool was published in 2000, the U.S. government had already committed to SHA-2 (FIPS 180-2, 2002) and later ran the open SHA-3 competition. Industry follows NIST and IETF; without a champion in those bodies, Whirlpool stayed niche — solid algorithm, narrow ecosystem.

FAQ

Is Whirlpool safe to use today? No public break exists, so for non-critical use it is acceptable. For new designs, prefer SHA-512 or SHA-3-512 — they have far more cryptanalysis behind them and are universally available.

Whirlpool or SHA-512 for file integrity? SHA-512 is the safer institutional choice: comparable output size (512 bits), much wider tool support, and hardware-accelerated on modern CPUs.

Can I use Whirlpool to hash passwords? No. Generic hashes — Whirlpool, SHA-2, BLAKE3, all of them — are designed to be fast, which is exactly the wrong property for password storage. Use Argon2id, scrypt or bcrypt.

Does VeraCrypt still support Whirlpool? Yes. VeraCrypt 1.x continues to list Whirlpool alongside SHA-256, SHA-512, BLAKE2s and Streebog as a header key-derivation option.

Does this tool send my data to a server? No. The hash is computed entirely client-side in your browser.