Hash Generator
Generate MD5, SHA-1, SHA-256 and SHA-512 hashes from any input string.
Enter text on the left and click Hash
All hash algorithms run at once
What Is a Cryptographic Hash Function?
A hash function takes any input and produces a fixed-length output (the "digest") that looks random. The same input always produces the same hash, but even a single changed character produces a completely different result. Hashes are one-way — you cannot reverse a hash to get the original input. This makes them ideal for verifying data integrity, storing passwords, and generating checksums.
How to Use This Hash Generator
- Type or paste your text into the left input pane.
- All 5 algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512) run simultaneously — results appear instantly.
- Use Live ⚡ mode (default on) to see hashes update as you type.
- Switch between Text (UTF-8) and Hex input encoding using the toolbar.
- Toggle between lowercase and UPPERCASE hex output.
- Click Copy next to any algorithm to copy just that hash, or Copy All for all results.
MD5 vs SHA-1 vs SHA-256 vs SHA-512 — Which Should You Use?
- MD5 (128-bit) — Fast, widely supported. Cryptographically broken — do not use for security. Still acceptable for non-security checksums (file integrity, cache keys) where collision attacks are not a concern.
- SHA-1 (160-bit) — Deprecated for cryptographic security since 2017. Still used in Git object IDs and legacy systems. Do not use for new security-sensitive work.
- SHA-256 (256-bit) — The current industry standard. Used in TLS certificates, code signing, JWTs (HS256), and Bitcoin. Use this for most new security applications.
- SHA-384 (384-bit) — Truncated SHA-512. Marginally slower than SHA-256 but stronger. Used in some TLS cipher suites and JWTs (HS384).
- SHA-512 (512-bit) — Maximum SHA-2 strength. Preferred for password pre-hashing (before bcrypt/Argon2) on platforms with 64-bit architecture advantages. Used in JWTs (HS512).
MD5 Is NOT Encryption
MD5 and SHA functions are hash functions, not encryption. Encryption is reversible with a key; hashing is one-way. You cannot "decrypt" an MD5 hash. However, MD5 is vulnerable to collision attacks (two different inputs producing the same hash) and preimage attacks via rainbow tables, which is why MD5-hashed passwords can often be reversed by looking up the hash in a precomputed database. For passwords, always use a dedicated password hashing function like bcrypt, Argon2, or scrypt instead.
Common Use Cases for Hash Functions
- File integrity checksums — verify a downloaded file has not been tampered with by comparing its SHA-256 against the publisher's posted value.
- Password storage — store the hash of a password (with a salt) rather than the plaintext. SHA-256 alone is not recommended — use bcrypt or Argon2.
- Git object IDs — Git uses SHA-1 (migrating to SHA-256) to identify commits, trees, and blobs.
- API request signing — HMAC-SHA256 creates a keyed hash that verifies both the data integrity and the sender's identity.
- Cache keys — hash a large URL or request body to produce a short, fixed-length cache key.
- Data deduplication — identify duplicate files by comparing their SHA-256 hashes.
Tips & Tricks
- Use SHA-256 by default — fast, standard, secure. Only pick another algorithm if you have a specific compatibility requirement.
- Never use MD5 or SHA-1 for new security-sensitive work — both are cryptographically broken. They remain fine for non-security checksums (cache keys, file dedup) where collision attacks don't matter.
- For passwords, don't use these hashes directly — use bcrypt, Argon2, or scrypt. Plain SHA-256 is too fast and vulnerable to GPU brute-force.
- Switch input to Hex when hashing binary data (encryption keys, raw bytes) — text mode encodes as UTF-8 first which is rarely what you want for raw bytes.
- Compare hashes case-insensitively — UPPERCASE and lowercase hex represent identical values. This tool lets you toggle either way.
Related Tools
- Password Generator — Generate high-entropy random strings for use as HMAC secrets or API keys.
- JWT Generator — Create HS256/384/512 tokens (HMAC-SHA signed JWTs) using your own secret.
- Base64 Encoder / Decoder — Encode hash digests or binary data as Base64 for transmission in JSON or URLs.
- UUID Generator — Generate cryptographic random identifiers for use as ID columns or session keys.
- JWT Decoder — Inspect HS256/384/512 token claims and signature.
Is My Data Sent to a Server?
No. All five hashes are computed entirely in your browser using the native SubtleCrypto Web API (with a small JavaScript fallback for MD5, which is no longer part of the standard SubtleCrypto algorithm list). Your input — including passwords, API keys, or any sensitive data — never leaves your device. There is no network call, no logging, and no analytics on the values you enter.