Home/Dev Tools/Hash Generator

Hash Generator

Generate

Generate MD5, SHA-1, SHA-256 and SHA-512 hashes from any input string.

Input
Output
Input
Loading editor…
🔒

Enter text on the left and click Hash

All hash algorithms run at once

✨ AI Code Explanation
Mode

What Is a Cryptographic Hash Function?

A hash function takes any input and produces a fixed-length output (the "digest") that looks random. The same input always produces the same hash, but even a single changed character produces a completely different result. Hashes are one-way — you cannot reverse a hash to get the original input. This makes them ideal for verifying data integrity, storing passwords, and generating checksums.

How to Use This Hash Generator

  1. Type or paste your text into the left input pane.
  2. All 5 algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512) run simultaneously — results appear instantly.
  3. Use Live ⚡ mode (default on) to see hashes update as you type.
  4. Switch between Text (UTF-8) and Hex input encoding using the toolbar.
  5. Toggle between lowercase and UPPERCASE hex output.
  6. Click Copy next to any algorithm to copy just that hash, or Copy All for all results.

MD5 vs SHA-1 vs SHA-256 vs SHA-512 — Which Should You Use?

  • MD5 (128-bit) — Fast, widely supported. Cryptographically broken — do not use for security. Still acceptable for non-security checksums (file integrity, cache keys) where collision attacks are not a concern.
  • SHA-1 (160-bit) — Deprecated for cryptographic security since 2017. Still used in Git object IDs and legacy systems. Do not use for new security-sensitive work.
  • SHA-256 (256-bit) — The current industry standard. Used in TLS certificates, code signing, JWTs (HS256), and Bitcoin. Use this for most new security applications.
  • SHA-384 (384-bit) — Truncated SHA-512. Marginally slower than SHA-256 but stronger. Used in some TLS cipher suites and JWTs (HS384).
  • SHA-512 (512-bit) — Maximum SHA-2 strength. Preferred for password pre-hashing (before bcrypt/Argon2) on platforms with 64-bit architecture advantages. Used in JWTs (HS512).

MD5 Is NOT Encryption

MD5 and SHA functions are hash functions, not encryption. Encryption is reversible with a key; hashing is one-way. You cannot "decrypt" an MD5 hash. However, MD5 is vulnerable to collision attacks (two different inputs producing the same hash) and preimage attacks via rainbow tables, which is why MD5-hashed passwords can often be reversed by looking up the hash in a precomputed database. For passwords, always use a dedicated password hashing function like bcrypt, Argon2, or scrypt instead.

Common Use Cases for Hash Functions

  • File integrity checksums — verify a downloaded file has not been tampered with by comparing its SHA-256 against the publisher's posted value.
  • Password storage — store the hash of a password (with a salt) rather than the plaintext. SHA-256 alone is not recommended — use bcrypt or Argon2.
  • Git object IDs — Git uses SHA-1 (migrating to SHA-256) to identify commits, trees, and blobs.
  • API request signing — HMAC-SHA256 creates a keyed hash that verifies both the data integrity and the sender's identity.
  • Cache keys — hash a large URL or request body to produce a short, fixed-length cache key.
  • Data deduplication — identify duplicate files by comparing their SHA-256 hashes.

Tips & Tricks

  • Use SHA-256 by default — fast, standard, secure. Only pick another algorithm if you have a specific compatibility requirement.
  • Never use MD5 or SHA-1 for new security-sensitive work — both are cryptographically broken. They remain fine for non-security checksums (cache keys, file dedup) where collision attacks don't matter.
  • For passwords, don't use these hashes directly — use bcrypt, Argon2, or scrypt. Plain SHA-256 is too fast and vulnerable to GPU brute-force.
  • Switch input to Hex when hashing binary data (encryption keys, raw bytes) — text mode encodes as UTF-8 first which is rarely what you want for raw bytes.
  • Compare hashes case-insensitively — UPPERCASE and lowercase hex represent identical values. This tool lets you toggle either way.

Related Tools

  • Password Generator — Generate high-entropy random strings for use as HMAC secrets or API keys.
  • JWT Generator — Create HS256/384/512 tokens (HMAC-SHA signed JWTs) using your own secret.
  • Base64 Encoder / Decoder — Encode hash digests or binary data as Base64 for transmission in JSON or URLs.
  • UUID Generator — Generate cryptographic random identifiers for use as ID columns or session keys.
  • JWT Decoder — Inspect HS256/384/512 token claims and signature.

Is My Data Sent to a Server?

No. All five hashes are computed entirely in your browser using the native SubtleCrypto Web API (with a small JavaScript fallback for MD5, which is no longer part of the standard SubtleCrypto algorithm list). Your input — including passwords, API keys, or any sensitive data — never leaves your device. There is no network call, no logging, and no analytics on the values you enter.