Hash Generator
Generate MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 hashes instantly. Hash text as you type, compute file checksums, generate HMAC-SHA256 signatures, or compare two hashes. Everything runs in your browser.
Security note: MD5 and SHA-1 are not secure for password hashing. Use bcrypt or Argon2 for passwords. SHA-256+ is suitable for checksums, digital signatures, and data integrity verification.
Algorithm Comparison
| Algorithm | Output | Security | Use Case |
|---|---|---|---|
| MD5 | 128 bits (32 hex) | Broken | File checksums, non-security deduplication |
| SHA-1 | 160 bits (40 hex) | Deprecated | Git commits, legacy systems |
| SHA-224 | 224 bits (56 hex) | Secure | Certificate chains, constrained environments |
| SHA-256 | 256 bits (64 hex) | Secure | TLS, Bitcoin, JWT, digital signatures |
| SHA-384 | 384 bits (96 hex) | Secure | TLS 1.2+, government standards |
| SHA-512 | 512 bits (128 hex) | Secure | High-security applications, password storage |
Frequently Asked Questions
What is a hash function?
A cryptographic hash function takes an input of any size and produces a fixed-size output (the “digest”). The same input always produces the same output, but even a tiny change in input produces a completely different hash. Hash functions are one-way — you cannot reverse a hash back to its original input.
Which hash algorithm should I use?
For security purposes, use SHA-256 or SHA-512. MD5 and SHA-1 have known collision vulnerabilities and should not be used for security. MD5 is still acceptable for non-security use cases like file checksums and cache keys. SHA-256 is the most widely used secure hash algorithm today.
What is HMAC and when should I use it?
HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function to produce an authentication code. HMAC-SHA256 is widely used in API authentication, JWT signing, and message integrity verification. Unlike a plain hash, HMAC proves both data integrity and authenticity.
Can I hash a file without uploading it?
Yes. This tool reads your file entirely in the browser using the File API and computes all hashes locally. No data is ever sent to a server. This makes it safe to hash sensitive or large files.
Can I decrypt a hash back to the original text?
No. Hash functions are one-way by design. You cannot mathematically reverse a hash to recover the original input. “Hash cracking” tools work by hashing many possible inputs and comparing results, not by reversing the function. This is why longer, more complex inputs are harder to crack.
Is my data safe?
Yes. SHA hashes are computed using your browser's built-in Web Crypto API, and MD5 is computed with a pure JavaScript implementation. No data is sent to any server. Everything runs entirely in your browser.