← All tools
// HASH & CRYPTO

NTLM Hash online

Generate the NTLM hash (MD4 of UTF-16LE) for any string — browser-side, no upload.

NTLM Hash Calculator logo
by
CHUNKY
MUNSTER
INPUT STRING
// NTLM HASH

About NTLM Hash

NTLM (NT LAN Manager) uses MD4 applied to the UTF-16 little-endian encoding of the password. It is used in Windows authentication. This tool computes the NTLM hash entirely in your browser using a pure-JavaScript MD4 implementation — nothing is sent to a server.

Other hash tools

How to Use the NTLM Hash Calculator

  1. Type or paste the password into the input field.
  2. Click Generate NTLM Hash.
  3. Copy the 32-character uppercase hex string for use with hashcat (-m 1000), john --format=NT, or your test harness.
  4. Click Clear to wipe both the input and the result from the page.

The NTLM hash — also called the NT hash — is what Windows actually stores for local accounts in the SAM and for domain accounts in Active Directory's NTDS.dit. It is computed by re-encoding the plaintext password as UTF-16 little-endian and running it through MD4. There is no salt, no iteration count and no per-user variance, which is the whole reason pass-the-hash attacks work: capture the 16-byte digest and you can authenticate as the user without ever knowing the password.

How the NTLM Hash Calculator Works

This tool replicates that algorithm in your browser. Web Crypto does not expose MD4 (it has been considered broken for two decades), so the page bundles a small MD4 implementation written in JavaScript. The plaintext is encoded one code unit at a time as little-endian 16-bit pairs and fed straight into MD4; the output is uppercased to match the format hashcat -m 1000 and john --format=NT expect. Use it for CTF challenges, AD lab work and verifying captured hashes — not for protecting real credentials.

Frequently Asked Questions

Why is the NT hash still called NTLM in most tools?

The NT hash is the password half of the NTLM authentication protocol, so the names are used interchangeably. Tools like hashcat (mode 1000), john --format=NT and mimikatz all label it 'NTLM' even though strictly it is just the MD4 password digest.

Why is MD4 still in use in 2026?

Because Windows still stores it that way for backward compatibility with the SAM database and Active Directory's NTDS.dit. MD4 is broken — collisions are trivial — which is exactly why pass-the-hash and offline cracking against captured NT hashes are so effective.

Why UTF-16 little-endian instead of UTF-8?

Windows internally represents passwords as wide (UCS-2/UTF-16LE) strings, so the hash is taken over those bytes rather than UTF-8. That is also why 'password' hashes to 8846F7EAEE8FB117AD06BDD830B7586C, not the value you would get from MD4 of the ASCII bytes.

Can I use this output directly in hashcat?

Yes. Save the 32-character uppercase hex value to a file and run hashcat -m 1000. The hash format is identical whether it came from Windows, Responder, secretsdump.py or this page.

Explore the full suite of HASH & CRYPTO tools and 290+ other free utilities at Chunky Munster.