Hash Generator (MD5, SHA-256)
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly. Secure client-side hashing using Web Crypto API.
Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text in your browser using the native Web Crypto API. Useful for verifying file integrity, comparing downloads against published checksums, or hashing data for cache keys. No input is uploaded — everything runs locally.
A cryptographic hash turns any input into a fixed-length fingerprint. Identical inputs always produce identical outputs; a one-bit change produces a wildly different hash. That makes hashes useful for integrity checks (did my download arrive intact?), content-addressed storage (what's the ID of this blob?), and in combination with salts, password storage.
Not all hash functions are equal. MD5 and SHA-1 are broken for security-sensitive use — researchers have demonstrated practical collisions where two different inputs produce the same hash. They're still fine for non-adversarial integrity checks (spotting accidental corruption), but never use them for signatures, certificates, or password storage. SHA-256 and SHA-512 remain secure and are what you should reach for by default.
For password hashing specifically, don't use plain SHA-256 either — use a slow, memory-hard function like bcrypt, scrypt, or Argon2. Plain hashes are too fast, making them trivial to brute-force. This tool is for content fingerprinting, not password storage.
- 1
Paste your input
Drop text, a URL, a JSON blob, or paste any content into the input field. Hashing works on the exact bytes you provide, including whitespace.
- 2
Pick an algorithm
MD5 and SHA-1 for checksums of trusted content. SHA-256 or SHA-512 for anything where collision resistance matters.
- 3
Read the hex output
The hash is shown as lowercase hex. Most published checksums use this format, so you can paste-compare directly.
- 4
Compare against expected value
Paste in the expected hash (from a download page or manifest) and the tool highlights whether they match.
Verifying downloads
Check a downloaded ISO or installer against the vendor's published SHA-256 to catch corruption or tampering.
Cache keys
Hash a request's parameters to produce a short, deterministic cache key.
Data deduplication
Use SHA-256 fingerprints to detect duplicate files or documents across a dataset.
Git-style content IDs
Generate SHA-1 or SHA-256 hashes to use as immutable content-addressed identifiers.
Why are MD5 and SHA-1 listed if they're broken?
They're broken for adversarial security use — you shouldn't sign documents or certificates with them. But they're still fine (and faster) for non-security checksums, like verifying an uncorrupted download from a trusted source.
Can I use this to hash a password?
Don't hash passwords with plain SHA-256. Fast hash functions can be brute-forced at billions per second. For passwords, use a purpose-built slow function like bcrypt, scrypt, or Argon2 — or delegate to an identity provider.
Does this tool hash files?
This tool hashes text input. For hashing a file's bytes, use a companion tool or drop the file into a file-hashing utility. Command-line tools like sha256sum are also a good option for large files.
Why is my hash different from another tool's?
Usually it's a whitespace or newline difference. Hashes are byte-sensitive — a trailing newline changes the result. Another common cause is character encoding (UTF-8 vs Latin-1).
Is the hash reversible?
No. Hashes are one-way by design. You can't recover the input from the hash. Sites that claim to 'decrypt' a hash are just looking up precomputed rainbow tables of common inputs.