I need to convert strings to some form of hash. Is this possible in JavaScript?

I’m not utilizing a server-side language so I can’t do it that way.

Skip to content
# Generate a Hash from string in Javascript

## The Question :

*656 people think this question is useful*
*The Question Comments :*
## The Answer 1

*841 people think this answer is useful*
## The Answer 2

*160 people think this answer is useful*
## The Answer 3

*114 people think this answer is useful*
## The Answer 4

*92 people think this answer is useful*

## The Answer 5

*71 people think this answer is useful*
## The Answer 6

*30 people think this answer is useful*
## The Answer 7

*29 people think this answer is useful*
## The Answer 8

*29 people think this answer is useful*
## The Answer 9

*7 people think this answer is useful*
## The Answer 10

*6 people think this answer is useful*
## The Answer 11

*6 people think this answer is useful*
## The Answer 12

*5 people think this answer is useful*
## The Answer 13

*5 people think this answer is useful*
# SubtleCrypto.digest

## The Answer 14

*3 people think this answer is useful*
## The Answer 15

*2 people think this answer is useful*
## The Answer 16

*2 people think this answer is useful*
## The Answer 17

*2 people think this answer is useful*
## The Answer 18

*2 people think this answer is useful*
## The Answer 19

*1 people think this answer is useful*
## The Answer 20

*1 people think this answer is useful*
## The Answer 21

*0 people think this answer is useful*
## The Answer 22

*0 people think this answer is useful*
## The Answer 23

*-1 people think this answer is useful*

2021-01-09

I need to convert strings to some form of hash. Is this possible in JavaScript?

I’m not utilizing a server-side language so I can’t do it that way.

- MD5 is not secure, so don’t look for that one.
- @henrikstroem Depends on what you are hashing; there’s nothing wrong with using md5 to make a hash for non-security purposes.
- @BradKoch Depends on what you are doing; there’s nothing wrong for using md5 for security purposes. There are certainly better methods for hashing passwords, but md5 is just fine for doing things like signing a URL.
- I find it funny that while MD5 is criticised in comments here, almost all answers recommend much worse hash algorithms and get lots of upvotes.
- Using MD5 to verify that a download came intact is not magically going to email your passwords to all your co-workers.

Object.defineProperty(String.prototype, 'hashCode', { value: function() { var hash = 0, i, chr; for (i = 0; i < this.length; i++) { chr = this.charCodeAt(i); hash = ((hash << 5) - hash) + chr; hash |= 0; // Convert to 32bit integer } return hash; } });

Source: http://werxltd.com/wp/2010/05/13/javascript-implementation-of-javas-string-hashcode-method/

**EDIT**

based on my jsperf tests, the accepted answer is actually faster: http://jsperf.com/hashcodelordvlad

**ORIGINAL**

if anyone is interested, here is an improved ( faster ) version, which will fail on older browsers who lack the `reduce`

array function.

hashCode = function(s){ return s.split("").reduce(function(a,b){a=((a<<5)-a)+b.charCodeAt(0);return a&a},0); }

one-liner arrow function version :

hashCode = s => s.split('').reduce((a,b)=>{a=((a<<5)-a)+b.charCodeAt(0);return a&a},0)

Note:Even with the best 32-bit hash, collisionswilloccur sooner or later.The hash collision probablility can be calculated as , aproximated as (see here). This may be higher than intuition suggests:

Assuming a 32-bit hash and k=10,000 items, a collision will occur with a probablility of 1.2%. For 77,163 samples the probability becomes 50%! (calculator).

I suggest a workaround at the bottom.

In an answer to this question
Which hashing algorithm is best for uniqueness and speed?,
Ian Boyd posted a good in depth analysis.
In short (as I interpret it), he comes to the conclusion that Murmur is best, followed by FNV-1a.

Java’s String.hashCode() algorithm that esmiralha proposed seems to be a variant of DJB2.

- FNV-1a has a a better distribution than DJB2, but is slower
- DJB2 is faster than FNV-1a, but tends to yield more collisions
- MurmurHash3 is better and faster than DJB2 and FNV-1a (but the optimized implementation requires more lines of code than FNV and DJB2)

Some benchmarks with large input strings here: http://jsperf.com/32-bit-hash

When *short* input strings are hashed, murmur’s performance drops, relative to DJ2B and FNV-1a: http://jsperf.com/32-bit-hash/3

**So in general I would recommend murmur3.**

See here for a JavaScript implementation:
https://github.com/garycourt/murmurhash-js

If input strings are short and performance is more important than distribution quality, use DJB2 (as proposed by the accepted answer by esmiralha).

If quality and small code size are more important than speed, I use this implementation of FNV-1a (based on this code).

/** * Calculate a 32 bit FNV-1a hash * Found here: https://gist.github.com/vaiorabbit/5657561 * Ref.: http://isthe.com/chongo/tech/comp/fnv/ * * @param {string} str the input value * @param {boolean} [asString=false] set to true to return the hash value as * 8-digit hex string instead of an integer * @param {integer} [seed] optionally pass the hash of the previous chunk * @returns {integer | string} */ function hashFnv32a(str, asString, seed) { /*jshint bitwise:false */ var i, l, hval = (seed === undefined) ? 0x811c9dc5 : seed; for (i = 0, l = str.length; i < l; i++) { hval ^= str.charCodeAt(i); hval += (hval << 1) + (hval << 4) + (hval << 7) + (hval << 8) + (hval << 24); } if( asString ){ // Convert to 8 digit hex string return ("0000000" + (hval >>> 0).toString(16)).substr(-8); } return hval >>> 0; }

**Improve Collision Probability**

As explained here, we can extend the hash bit size using this trick:

function hash64(str) { var h1 = hash32(str); // returns 32 bit (as 8 byte hex string) return h1 + hash32(h1 + str); // 64 bit (as 16 byte hex string) }

Use it with care and don’t expect too much though.

About half of the answers here are the same `String.hashCode`

hash function taken from Java. It dates back to 1981 from Gosling Emacs, is extremely weak, and makes zero sense performance-wise in modern JavaScript. In fact, implementations could be significantly faster by using ES6 `Math.imul`

, but no one took notice. We can do much better than this, at essentially identical performance.

Here’s something I did—**cyrb53**, a simple but high quality 53-bit hash. It’s quite fast, provides very good hash distribution, and has significantly lower collision rates compared to *any* 32-bit hash.

const cyrb53 = function(str, seed = 0) { let h1 = 0xdeadbeef ^ seed, h2 = 0x41c6ce57 ^ seed; for (let i = 0, ch; i < str.length; i++) { ch = str.charCodeAt(i); h1 = Math.imul(h1 ^ ch, 2654435761); h2 = Math.imul(h2 ^ ch, 1597334677); } h1 = Math.imul(h1 ^ (h1>>>16), 2246822507) ^ Math.imul(h2 ^ (h2>>>13), 3266489909); h2 = Math.imul(h2 ^ (h2>>>16), 2246822507) ^ Math.imul(h1 ^ (h1>>>13), 3266489909); return 4294967296 * (2097151 & h2) + (h1>>>0); };

It is similar to the well-known MurmurHash/xxHash algorithms, it uses a combination of multiplication and Xorshift to generate the hash, but not as thorough. As a result it’s faster than either in JavaScript and significantly simpler to implement. Furthermore, keep in mind this is not a secure algorithm, if privacy/security is a concern, this is not for you.

Like any proper hash, it has an avalanche effect, which basically means small changes in the input have big changes in the output making the resulting hash appear more ‘random’:

"501c2ba782c97901" = cyrb53("a") "459eda5bc254d2bf" = cyrb53("b") "fbce64cc3b748385" = cyrb53("revenge") "fb1d85148d13f93a" = cyrb53("revenue")

You can also supply a seed for alternate streams of the same input:

"76fee5e6598ccd5c" = cyrb53("revenue", 1) "1f672e2831253862" = cyrb53("revenue", 2) "2b10de31708e6ab7" = cyrb53("revenue", 3)

Technically, it is a 64-bit hash, that is, two uncorrelated 32-bit hashes computed in parallel, but JavaScript is limited to 53-bit integers. If convenient, the full 64-bit output can be used by altering the *return statement* with a hex string or array.

return [h2>>>0, h1>>>0]; // or return (h2>>>0).toString(16).padStart(8,0)+(h1>>>0).toString(16).padStart(8,0);

Be aware that constructing hex strings drastically slows down batch processing. The array is more efficient, but obviously requires two checks instead of one.

Just for fun, here’s the smallest hash I could come up with that’s still decent. It’s a 32-bit hash in **89 chars** with better quality randomness than even FNV or DJB2:

TSH=s=>{for(var i=0,h=9;i<s.length;)h=Math.imul(h^s.charCodeAt(i++),9**9);return h^h>>>9}

Based on accepted answer in ES6. Smaller, maintainable and works in modern browsers.

function hashCode(str) { return str.split('').reduce((prevHash, currVal) => (((prevHash << 5) - prevHash) + currVal.charCodeAt(0))|0, 0); } // Test console.log("hashCode(\"Hello!\"): ", hashCode('Hello!'));

**EDIT (2019-11-04)**:

one-liner arrow function version :

const hashCode = s => s.split('').reduce((a,b) => (((a << 5) - a) + b.charCodeAt(0))|0, 0) // test console.log(hashCode('Hello!'))

I’m a bit surprised nobody has talked about the new SubtleCrypto API yet.

To get an hash from a string, you can use the `subtle.digest`

method :

function getHash(str, algo = "SHA-256") { let strBuf = new TextEncoder('utf-8').encode(str); return crypto.subtle.digest(algo, strBuf) .then(hash => { window.hash = hash; // here hash is an arrayBuffer, // so we'll connvert it to its hex version let result = ''; const view = new DataView(hash); for (let i = 0; i < hash.byteLength; i += 4) { result += ('00000000' + view.getUint32(i).toString(16)).slice(-8); } return result; }); } getHash('hello world') .then(hash => { console.log(hash); });

If it helps anyone, I combined the top two answers into an older-browser-tolerant version, which uses the fast version if `reduce`

is available and falls back to esmiralha’s solution if it’s not.

/** * @see http://stackoverflow.com/q/7616461/940217 * @return {number} */ String.prototype.hashCode = function(){ if (Array.prototype.reduce){ return this.split("").reduce(function(a,b){a=((a<<5)-a)+b.charCodeAt(0);return a&a},0); } var hash = 0; if (this.length === 0) return hash; for (var i = 0; i < this.length; i++) { var character = this.charCodeAt(i); hash = ((hash<<5)-hash)+character; hash = hash & hash; // Convert to 32bit integer } return hash; }

Usage is like:

var hash = "some string to be hashed".hashCode();

This is a refined and better performing variant:

String.prototype.hashCode = function() { var hash = 0, i = 0, len = this.length; while ( i < len ) { hash = ((hash << 5) - hash + this.charCodeAt(i++)) << 0; } return hash; };

This matches Java’s implementation of the standard `object.hashCode()`

Here is also one that returns only positive hashcodes:

String.prototype.hashcode = function() { return (this.hashCode() + 2147483647) + 1; };

And here is a matching one for Java that only returns positive hashcodes:

public static long hashcode(Object obj) { return ((long) obj.hashCode()) + Integer.MAX_VALUE + 1l; }

Enjoy!

Without prototype:

function hashCode(str) { var hash = 0, i = 0, len = str.length; while ( i < len ) { hash = ((hash << 5) - hash + str.charCodeAt(i++)) << 0; } return hash; }

Thanks to the example by mar10, I found a way to get the same results in C# AND Javascript for an FNV-1a. If unicode chars are present, the upper portion is discarded for the sake of performance. Don’t know why it would be helpful to maintain those when hashing, as am only hashing url paths for now.

**C# Version**

private static readonly UInt32 FNV_OFFSET_32 = 0x811c9dc5; // 2166136261 private static readonly UInt32 FNV_PRIME_32 = 0x1000193; // 16777619 // Unsigned 32bit integer FNV-1a public static UInt32 HashFnv32u(this string s) { // byte[] arr = Encoding.UTF8.GetBytes(s); // 8 bit expanded unicode array char[] arr = s.ToCharArray(); // 16 bit unicode is native .net UInt32 hash = FNV_OFFSET_32; for (var i = 0; i < s.Length; i++) { // Strips unicode bits, only the lower 8 bits of the values are used hash = hash ^ unchecked((byte)(arr[i] & 0xFF)); hash = hash * FNV_PRIME_32; } return hash; } // Signed hash for storing in SQL Server public static Int32 HashFnv32s(this string s) { return unchecked((int)s.HashFnv32u()); }

**JavaScript Version**

var utils = utils || {}; utils.FNV_OFFSET_32 = 0x811c9dc5; utils.hashFnv32a = function (input) { var hval = utils.FNV_OFFSET_32; // Strips unicode bits, only the lower 8 bits of the values are used for (var i = 0; i < input.length; i++) { hval = hval ^ (input.charCodeAt(i) & 0xFF); hval += (hval << 1) + (hval << 4) + (hval << 7) + (hval << 8) + (hval << 24); } return hval >>> 0; } utils.toHex = function (val) { return ("0000000" + (val >>> 0).toString(16)).substr(-8); }

A fast and concise one which was adapted from here:

String.prototype.hashCode = function() { var hash = 5381, i = this.length while(i) hash = (hash * 33) ^ this.charCodeAt(--i) return hash >>> 0; }

My quick (very long) one liner based on FNV’s `Multiply+Xor`

method:

my_string.split('').map(v=>v.charCodeAt(0)).reduce((a,v)=>a+((a<<7)+(a<<3))^v).toString(16);

I needed a similar function (but different) to generate a unique-ish ID based on the username and current time. So:

window.newId = -> # create a number based on the username unless window.userNumber? window.userNumber = 0 for c,i in window.MyNamespace.userName char = window.MyNamespace.userName.charCodeAt(i) window.MyNamespace.userNumber+=char ((window.MyNamespace.userNumber + Math.floor(Math.random() * 1e15) + new Date().getMilliseconds()).toString(36)).toUpperCase()

Produces:

2DVFXJGEKL 6IZPAKFQFL ORGOENVMG ... etc

edit Jun 2015: For new code I use shortid: https://www.npmjs.com/package/shortid

I’m not utilizing a server-side language so I can’t do it that way.

Are you sure you can’t do it *that way*?

Did you forget you’re using Javascript, the language ever-evolving?

Try `SubtleCrypto`

. It supports SHA-1, SHA-128, SHA-256, and SHA-512 hash functions.

async function hash(message/*: string */) { const text_encoder = new TextEncoder; const data = text_encoder.encode(message); const message_digest = await window.crypto.subtle.digest("SHA-512", data); return message_digest; } // -> ArrayBuffer function in_hex(data/*: ArrayBuffer */) { const octets = new Uint8Array(data); const hex = [].map.call(octets, octet => octet.toString(16).padStart(2, "0")).join(""); return hex; } // -> string (async function demo() { console.log(in_hex(await hash("Thanks for the magic."))); })();

I’m kinda late to the party, but you can use this module: **crypto**:

const crypto = require('crypto'); const SALT = '$ome$alt'; function generateHash(pass) { return crypto.createHmac('sha256', SALT) .update(pass) .digest('hex'); }

The result of this function is always is `64`

characters string; something like this: `"aa54e7563b1964037849528e7ba068eb7767b1fab74a8d80fe300828b996714a"`

I have combined the two solutions (users esmiralha and lordvlad) to get a function that should be faster for browsers that support the js function **reduce()** and still compatible with old browsers:

String.prototype.hashCode = function() { if (Array.prototype.reduce) { return this.split("").reduce(function(a,b){a=((a<<5)-a)+b.charCodeAt(0);return a&a},0); } else { var hash = 0, i, chr, len; if (this.length == 0) return hash; for (i = 0, len = this.length; i < len; i++) { chr = this.charCodeAt(i); hash = ((hash << 5) - hash) + chr; hash |= 0; // Convert to 32bit integer } return hash; } };

Example:

my_string = 'xyz'; my_string.hashCode();

If you want to avoid collisions you may want to use a secure hash like SHA-256. There are several JavaScript SHA-256 implementations.

I wrote tests to compare several hash implementations, see https://github.com/brillout/test-javascript-hash-implementations.

Or go to http://brillout.github.io/test-javascript-hash-implementations/, to run the tests.

Adding this because nobody did yet, and this seems to be asked for and implemented a lot with hashes, but it’s always done very poorly…

This takes a string input, and a maximum number you want the hash to equal, and produces a unique number based on the string input.

You can use this to produce a unique index into an array of images (If you want to return a specific avatar for a user, chosen at random, but also chosen based on their name, so it will always be assigned to someone with that name).

You can also use this, of course, to return an index into an array of colors, like for generating unique avatar background colors based on someone’s name.

function hashInt (str, max = 1000) { var hash = 0; for (var i = 0; i < str.length; i++) { hash = ((hash << 5) - hash) + str.charCodeAt(i); hash = hash & hash; } return Math.round(max * Math.abs(hash) / 2147483648); }

Here is a compact ES6 friendly readable snippet

const stringHashCode = str => { let hash = 0 for (let i = 0; i < str.length; ++i) hash = (Math.imul(31, hash) + str.charCodeAt(i)) | 0 return hash }

I went for a simple concatenation of char codes converted to hex strings. This serves a relatively narrow purpose, namely just needing a hash representation of a SHORT string (e.g. titles, tags) to be exchanged with a server side that for not relevant reasons can’t easily implement the accepted hashCode Java port. Obviously no security application here.

String.prototype.hash = function() { var self = this, range = Array(this.length); for(var i = 0; i < this.length; i++) { range[i] = i; } return Array.prototype.map.call(range, function(i) { return self.charCodeAt(i).toString(16); }).join(''); }

This can be made more terse and browser-tolerant with Underscore. Example:

"Lorem Ipsum".hash() "4c6f72656d20497073756d"

I suppose if you wanted to hash larger strings in similar fashion you could just reduce the char codes and hexify the resulting sum rather than concatenate the individual characters together:

String.prototype.hashLarge = function() { var self = this, range = Array(this.length); for(var i = 0; i < this.length; i++) { range[i] = i; } return Array.prototype.reduce.call(range, function(sum, i) { return sum + self.charCodeAt(i); }, 0).toString(16); } 'One time, I hired a monkey to take notes for me in class. I would just sit back with my mind completely blank while the monkey scribbled on little pieces of paper. At the end of the week, the teacher said, "Class, I want you to write a paper using your notes." So I wrote a paper that said, "Hello! My name is Bingo! I like to climb on things! Can I have a banana? Eek, eek!" I got an F. When I told my mom about it, she said, "I told you, never trust a monkey!"'.hashLarge() "9ce7"

Naturally more risk of collision with this method, though you could fiddle with the arithmetic in the reduce however you wanted to diversify and lengthen the hash.

Slightly simplified version of @esmiralha’s answer.

I don’t override String in this version, since that could result in some undesired behaviour.

function hashCode(str) { var hash = 0; for (var i = 0; i < str.length; i++) { hash = ~~(((hash << 5) - hash) + str.charCodeAt(i)); } return hash; }

I do not see any reason to use this overcomplicated crypto code instead of ready-to-use solutions, like object-hash library, or etc. relying on vendor is more productive, saves time and reduces maintenance cost.

Just use https://github.com/puleos/object-hash

var hash = require('object-hash'); hash({foo: 'bar'}) // => '67b69634f9880a282c14a0f0cb7ba20cf5d677e9' hash([1, 2, 2.718, 3.14159]) // => '136b9b88375971dff9f1af09d7356e3e04281951'

This generates a consistent hash based on any number of params passed in:

/** * Generates a hash from params passed in * @returns {string} hash based on params */ function fastHashParams() { var args = Array.prototype.slice.call(arguments).join('|'); var hash = 0; if (args.length == 0) { return hash; } for (var i = 0; i < args.length; i++) { var char = args.charCodeAt(i); hash = ((hash << 5) - hash) + char; hash = hash & hash; // Convert to 32bit integer } return String(hash); }

`fastHashParams('hello world')`

outputs `"990433808"`

`fastHashParams('this',1,'has','lots','of','params',true)`

outputs `"1465480334"`

*This should be a bit more secure hash than some other answers, but in a function, without any preloaded source*

I created basicly a minified **simplified** version of sha1.

You take the bytes of the string and group them by 4 to 32bit “words”

Then we extend every 8 words to 40 words (for bigger impact on the result).

This goes to the hashing function (the last reduce) where we do some maths with the current state and the input. We always get 4 words out.

This is almost a one-command/one-line version using map,reduce… instead of loops, but it is still pretty fast

String.prototype.hash = function(){ var rot = (word, shift) => word << shift | word >>> (32 - shift); return unescape(encodeURIComponent(this.valueOf())).split("").map(char => char.charCodeAt(0) ).reduce((done, byte, idx, arr) => idx % 4 == 0 ? [...done, arr.slice(idx, idx + 4)] : done , []).reduce((done, group) => [...done, group[0] << 24 | group[1] << 16 | group[2] << 8 | group[3]] , []).reduce((done, word, idx, arr) => idx % 8 == 0 ? [...done, arr.slice(idx, idx + 8)] : done , []).map(group => { while(group.length < 40) group.push(rot(group[group.length - 2] ^ group[group.length - 5] ^ group[group.length - 8], 3)); return group; }).flat().reduce((state, word, idx, arr) => { var temp = ((state[0] + rot(state[1], 5) + word + idx + state[3]) & 0xffffffff) ^ state[idx % 2 == 0 ? 4 : 5](state[0], state[1], state[2]); state[0] = rot(state[1] ^ state[2], 11); state[1] = ~state[2] ^ rot(~state[3], 19); state[2] = rot(~state[3], 11); state[3] = temp; return state; }, [0xbd173622, 0x96d8975c, 0x3a6d1a23, 0xe5843775, (w1, w2, w3) => (w1 & rot(w2, 5)) | (~rot(w1, 11) & w3), (w1, w2, w3) => w1 ^ rot(w2, 5) ^ rot(w3, 11)] ).slice(0, 4).map(p => p >>> 0 ).map(word => ("0000000" + word.toString(16)).slice(-8) ).join(""); };

we also convert the output to hex to get a string instead of word array.

Usage is simple. for expample `"a string".hash()`

will return `"88a09e8f9cc6f8c71c4497fbb36f84cd"`

String.prototype.hash = function(){ var rot = (word, shift) => word << shift | word >>> (32 - shift); return unescape(encodeURIComponent(this.valueOf())).split("").map(char => char.charCodeAt(0) ).reduce((done, byte, idx, arr) => idx % 4 == 0 ? [...done, arr.slice(idx, idx + 4)] : done , []).reduce((done, group) => [...done, group[0] << 24 | group[1] << 16 | group[2] << 8 | group[3]] , []).reduce((done, word, idx, arr) => idx % 8 == 0 ? [...done, arr.slice(idx, idx + 8)] : done , []).map(group => { while(group.length < 40) group.push(rot(group[group.length - 2] ^ group[group.length - 5] ^ group[group.length - 8], 3)); return group; }).flat().reduce((state, word, idx, arr) => { var temp = ((state[0] + rot(state[1], 5) + word + idx + state[3]) & 0xffffffff) ^ state[idx % 2 == 0 ? 4 : 5](state[0], state[1], state[2]); state[0] = rot(state[1] ^ state[2], 11); state[1] = ~state[2] ^ rot(~state[3], 19); state[2] = rot(~state[3], 11); state[3] = temp; return state; }, [0xbd173622, 0x96d8975c, 0x3a6d1a23, 0xe5843775, (w1, w2, w3) => (w1 & rot(w2, 5)) | (~rot(w1, 11) & w3), (w1, w2, w3) => w1 ^ rot(w2, 5) ^ rot(w3, 11)] ).slice(0, 4).map(p => p >>> 0 ).map(word => ("0000000" + word.toString(16)).slice(-8) ).join(""); }; let str = "the string could even by empty"; console.log(str.hash())//9f9aeca899367572b875b51be0d566b5