Hash Generator

Generate cryptographic hashes from any text string. Supports MD5, SHA-1, SHA-256, and SHA-512 via the Web Crypto API. All computation happens in your browser — your input is never transmitted.

Developer Tools

🔄XML to JSON 🔄JSON to XML ✨JSON Formatter ✅JSON Validator 📋XML Validator 🔐Base64 Encode/Decode 🗄️SQL Formatter 📝Markdown Preview ⚙️C# to VB.NET 🪙JWT Decoder 🕐Timestamp Converter 🔑Hash Generator 🔍Regex Tester 🔢Number Base Converter 🌐HTML Formatter 🎨CSS Minifier ⏱️Cron Parser 🎨RGB/HEX/HSL Converter

Input Text

📄 Drop a .txt file here, or browse

What This Tool Does

Generates MD5, SHA-1, SHA-256, and SHA-512 cryptographic hashes from text input or uploaded files, entirely in your browser using the Web Crypto API. Nothing is ever sent to a server.

Who This Is For

Developers verifying file integrity by comparing expected and actual hashes after download
Security engineers generating and comparing checksums for sensitive files
Anyone who needs to hash a string for comparison, caching keys, or lightweight fingerprinting
DevOps engineers checking that build artifacts haven't been tampered with

Example: Input: The text string Hello, World! or an uploaded binary file → Output: SHA-256: dffd6021bb2bd5...b28688a362182986d — a fixed-length hex digest unique to that exact input

How to Generate a Hash

Type or paste your text into the input field.
All four hash values — MD5, SHA-1, SHA-256, and SHA-512 — update instantly as you type.
Click any hash value to copy it to your clipboard.

All hashing runs in your browser using the Web Crypto API. Hash outputs are hex strings — use regex patterns like /^[a-f0-9]64$/ to validate SHA-256 format in your code. Nothing you type is sent to any server.

MD5, SHA-1, SHA-256, SHA-512 — Compared

Algorithm	Output Length	Status	Use For
MD5	128 bits (32 hex chars)	Broken for security	File checksums, non-security deduplication
SHA-1	160 bits (40 hex chars)	Deprecated for security	Legacy systems, Git commit IDs (still collision-resistant enough for non-adversarial use)
SHA-256	256 bits (64 hex chars)	Secure	Digital signatures, certificates, file integrity, password hashing (with salt)
SHA-512	512 bits (128 hex chars)	Secure	High-security integrity checks, longer output where needed

Important: MD5 and SHA-1 should not be used for security-sensitive purposes. Both have known collision attacks — it is possible to craft two different inputs that produce the same hash. SHA-256 or SHA-512 should be used for any new system.

What Are Hash Functions Used For?

File integrity verification — software downloads often include a SHA-256 checksum. Hash the downloaded file and compare to confirm it was not corrupted or tampered with.
Password storage — passwords should never be stored in plain text. Store a salted hash using bcrypt, scrypt, or Argon2 (not raw SHA-256 — these algorithms are designed to be slow and resist brute-force attacks).
Digital signatures — certificates and code signing hash the content before signing. Any change to the content changes the hash, invalidating the signature.
Data deduplication — hash large files to detect duplicates without comparing byte-by-byte.
Cache keys — hash the parameters of a request to generate a unique, fixed-length cache key.
Git commit IDs — Git uses SHA-1 (migrating to SHA-256) to identify every commit, tree, and blob in a repository.
Blockchain — each block in a blockchain contains the hash of the previous block, making the chain tamper-evident.

Hash Functions Are One-Way

A cryptographic hash function is deterministic (same input always produces same output) and one-way (you cannot reverse the hash to recover the input). There is no "unhash" operation.

However, common values can be looked up in rainbow tables — precomputed databases of hash values. This is why passwords must be salted (a unique random value added to each password before hashing) to prevent rainbow table attacks.

For password storage, use a purpose-built algorithm: bcrypt, scrypt, or Argon2. These are slow by design — they intentionally take milliseconds to compute, making brute-force attacks impractical even if the hash database is stolen.

Cryptography and Security Tools

Hash generation fits into a broader security and data integrity workflow:

Encode the hash in Base64 for use in HTTP headers or API signatures
Inspect JWT signatures — JWTs use HMAC-SHA256 or RS256 signing
URL-encode the hash for use as a query parameter
Combine with timestamps — many HMAC signatures include a timestamp to prevent replay attacks

Related Tools

Generated JSON from a CSV import? Hash the output to verify integrity before storing. → hash JSON converted from CSV
Exporting sensitive data to CSV? Generate a SHA-256 hash to verify the export was not tampered with. → hash CSV exports for integrity verification
Writing about hash algorithms? Publish your developer guide by converting Markdown to HTML. → document hashing in technical guides
Have a VB.NET SHA-256 implementation to migrate? Convert it to C# instantly. → convert VB.NET hashing code to C#

Related Guides

Guide

MD5 vs SHA-1 vs SHA-256: Which Hash Should You Use?

When each algorithm is appropriate, and which ones to stop using.

Tutorial

Hashing Passwords Correctly: Why You Need bcrypt, not SHA-256

Raw SHA-256 is too fast for passwords. Here's why bcrypt and Argon2 exist.

Guide

Base64 Encoding Explained: When and Why Developers Use It

Encoding vs hashing — understand the difference and when each is appropriate.

Frequently Asked Questions

Is MD5 still useful?▼

MD5 is useful for non-security purposes like verifying file integrity against accidental corruption, deduplication, and generating quick checksums. It should not be used for anything security-related because collision attacks are practical — meaning an attacker could craft a malicious file with the same MD5 as a legitimate one.

What is the difference between SHA-256 and SHA-512?▼

Both are part of the SHA-2 family and are cryptographically secure. SHA-512 produces a longer hash (512 vs 256 bits) and is theoretically more resistant to future brute-force improvements. In practice, SHA-256 is sufficient for almost all uses. SHA-512 can actually be faster on 64-bit processors due to its internal word size.

Can I use SHA-256 to hash passwords? See the Base64 Encoder for reversible encoding (unlike hashing). For token verification, the JWT Decoder shows algorithm and signature details.▼

You can, but you should not. SHA-256 is extremely fast — billions of hashes per second on modern hardware. This makes brute-force attacks feasible. Use bcrypt, scrypt, or Argon2 instead — they are designed to be slow and tunable, making brute-force impractical.

Why do two completely different inputs sometimes produce the same hash length?▼

All MD5 hashes are always 128 bits (32 hex characters), regardless of whether you hash one character or one gigabyte. Hash functions produce fixed-length output from arbitrary-length input — this is by design.

What is a salt?▼

A salt is a random value added to an input before hashing. Two users with the same password get different hashes because each has a unique salt. This defeats rainbow tables and ensures that a compromised hash database does not immediately reveal passwords.

How do I verify a file's integrity using a hash?▼

Download the file and its published checksum (usually SHA-256). Hash the downloaded file using this tool or a command like sha256sum filename on Linux/Mac. Compare the result to the published checksum — they should match exactly.