Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-512 hashes.
About Hash Functions
A hash function takes input of any length and produces a fixed-length output. The same input always produces the same hash. SHA-256 and SHA-512 are recommended for security use. MD5 and SHA-1 are broken for cryptographic purposes but still used for checksums.
FAQ
- Which algorithm should I use?
- SHA-256 for general security use. SHA-512 for higher security. MD5/SHA-1 only for non-security checksums (file integrity verification).
- Can hashes be reversed?
- No. Hash functions are one-way. You can't reconstruct the input from the hash.
- Are these computed locally?
- Yes. SHA variants use the browser's Web Crypto API. MD5 uses a local implementation. Nothing leaves your browser.
ABOUT THIS TOOL
Type or paste any text to instantly generate its MD5, SHA-1, SHA-256, or SHA-512 hash. A hash function takes input of any length and produces a fixed-size fingerprint — MD5 outputs 128 bits, SHA-1 outputs 160 bits, SHA-256 outputs 256 bits, and SHA-512 outputs 512 bits — and changing even a single character in the input produces a completely different hash. MD5 and SHA-1 are fast but cryptographically broken against deliberate collision attacks, so they're fine for checksums but unsuitable for security-sensitive use; SHA-256 and SHA-512 are the current standards for that. Used to verify file integrity, compare passwords, generate checksums, or test hashing behavior in an application, all computed locally in your browser.
HOW TO USE
- Paste or type the text you want to hash.
- Select which algorithm to generate — MD5, SHA-1, SHA-256, or SHA-512.
- Read off the resulting hex-encoded hash string.
- Compare it character-for-character against a known-good hash to verify integrity.
- Copy the hash for use in a checksum file, commit message, or verification script.
- Change a single character in the input to see how completely the output hash changes.
COMMON USE CASES
- Someone downloading a software installer compares its SHA-256 checksum against the one published on the vendor's site to confirm the file wasn't tampered with.
- A developer testing a password-hashing feature checks what SHA-256 or MD5 of a test string looks like before wiring up bcrypt in real code.
- A student learning about cryptography experiments with how a one-character change in input completely alters the hash output.
- A DevOps engineer generates a checksum for a config file to detect unintended changes between deployments.
- Someone verifying a Git commit or file signature manually hashes content to cross-check against a reported hash value.
TIPS & COMMON MISTAKES
- MD5 and SHA-1 are considered cryptographically broken for security purposes (both have known collision attacks) — use them only for non-adversarial checksums, never for passwords or signatures.
- Never hash passwords with a plain hash function like SHA-256 alone for storage; real password storage needs a slow, salted algorithm like bcrypt, scrypt, or Argon2 to resist brute-force attacks.
- The same input always produces the same hash with a given algorithm, but different algorithms produce completely unrelated-looking outputs of different lengths for the same text.
- Even a single trailing space or newline changes the entire hash, so when comparing checksums make sure you're hashing the exact same bytes (watch for line-ending differences between operating systems).
MORE QUESTIONS
- Which hash algorithm should I use for verifying a downloaded file?
- SHA-256 is the current common standard for file integrity checks; MD5 and SHA-1 checksums still appear on older sites but are only meaningful against accidental corruption, not deliberate tampering.
- Can a hash be reversed back into the original text?
- No, a proper cryptographic hash function is one-way by design — you can only compare a hash of a candidate input against a known hash to check for a match, not derive the original text from the hash alone.
- Why do MD5 and SHA-1 still exist if they're broken?
- They're broken specifically against deliberate collision attacks (someone crafting two different inputs with the same hash), which matters for security contexts like certificates, but they're still fine for basic checksums where no adversary is trying to fool the check.
- Is hashing the same as encryption?
- No — encryption is reversible with the right key, while hashing is one-way and produces a fixed-length fingerprint with no key involved at all.