Developer

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly

All hashing runs in your browser β€” nothing is sent to a server.

MD5Broken
Enter text above to generate hash…
SHA-1Deprecated
Enter text above to generate hash…
SHA-256Secure
Enter text above to generate hash…
SHA-512Secure
Enter text above to generate hash…

What Is a Cryptographic Hash?

A hash function takes an input of any length and produces a fixed-size output β€” the hash or digest. Like a fingerprint for data: identical inputs always produce identical outputs, but even a single changed character produces a completely different hash. This is called the avalanche effect.

This tool computes four common hash algorithms simultaneously:

  • MD5 β€” 128-bit / 32 hex characters. Fast, widely used for checksums, but cryptographically broken β€” collisions are computationally feasible.
  • SHA-1 β€” 160-bit / 40 hex characters. Deprecated for security use (collision found in 2017), still used in Git and some legacy systems.
  • SHA-256 β€” 256-bit / 64 hex characters. Part of the SHA-2 family. The current standard for document signing, HTTPS certificates, and Bitcoin.
  • SHA-512 β€” 512-bit / 128 hex characters. More collision resistance than SHA-256; used when maximum security margin is required.

Common Use Cases

File Integrity Verification

Software distributors publish SHA-256 checksums alongside downloads. After downloading, compute the hash and compare it to the published value. If they match, the file is authentic and unmodified. If they differ, the file may be corrupted or tampered with.

Data Deduplication

Hash the content of files or database records and compare hashes to detect duplicates β€” far faster than comparing bytes directly. Git uses SHA-1/SHA-256 this way to identify every file and commit in a repository.

API Request Signing (HMAC)

HMAC (Hash-based Message Authentication Code) uses a secret key combined with SHA-256 to sign API requests, proving they came from an authenticated source and were not tampered with in transit. AWS, Stripe, and most modern APIs use HMAC-SHA256.

What Hash Algorithms Should I Use?

  • Checksums / integrity checks: SHA-256 (or MD5 if compatibility with legacy systems is required)
  • Digital signatures / certificates: SHA-256 minimum (SHA-384 or SHA-512 for high-value use cases)
  • Password storage: Do NOT use any of these directly. Use bcrypt, Argon2id, or PBKDF2 with a high iteration count.
  • Git / version control: SHA-1 (legacy) or SHA-256 (new Git repositories)
  • API signing (HMAC): HMAC-SHA256

Privacy: All Hashing Is Done in Your Browser

This tool uses the browser's built-in Web Crypto API for SHA-1, SHA-256, and SHA-512, and a pure JavaScript implementation for MD5. No data leaves your device. The tool works offline.

Frequently Asked Questions

What is a hash function?
A hash function takes any input (text, file, etc.) and produces a fixed-length output called a hash, digest, or checksum. The same input always produces the same hash. Even a tiny change in the input produces a completely different hash β€” this is called the avalanche effect. Hash functions are one-way: you cannot recover the original input from the hash alone.
What is the difference between MD5, SHA-1, SHA-256, and SHA-512?
MD5 produces a 128-bit (32 hex character) hash and is fast, but has known collision vulnerabilities β€” two different inputs can produce the same hash. SHA-1 produces 160 bits (40 hex chars) and is also considered cryptographically broken for security purposes. SHA-256 and SHA-512 are part of the SHA-2 family designed by the NSA; they produce 256-bit and 512-bit outputs respectively and are currently considered cryptographically secure. For any security-sensitive application, use SHA-256 or stronger.
What are hash functions used for?
Common uses include: file integrity verification (compare hashes to detect corruption or tampering), password storage (store the hash, never the plaintext β€” but use bcrypt/Argon2, not MD5/SHA for this), digital signatures, data indexing (hash tables), version control (Git uses SHA-1/SHA-256 to identify commits and blobs), and API request signing (HMAC-SHA256).
Is it safe to hash passwords with SHA-256?
No β€” SHA-256 alone is not safe for password hashing. Because SHA-256 is extremely fast, attackers can compute billions of hashes per second using GPUs to crack passwords via brute-force or rainbow tables. For passwords, use a slow, salted key-derivation function like bcrypt, Argon2, or PBKDF2. These are purpose-built to be computationally expensive, which makes brute-force attacks impractical.
Can I reverse a hash to get the original input?
No β€” cryptographic hash functions are designed to be one-way (preimage resistant). There is no mathematical algorithm to reverse them. However, short or common inputs (like weak passwords) can still be cracked using precomputed rainbow tables or brute force, because an attacker can compute hashes of millions of candidate inputs and look for a match. This is why password salting and slow hash algorithms are essential.
Is this tool sending my data anywhere?
No. All hashing in this tool runs entirely in your browser using the built-in Web Crypto API (for SHA-1, SHA-256, SHA-512) and a pure JavaScript MD5 implementation. No text you enter is ever sent to a server. You can verify this by going offline β€” the tool still works.

Related Tools

Base64 Encoder / Decoder
Encode and decode Base64 strings instantly
Password Generator
Generate strong, random passwords instantly