Skip to main content
#️⃣

Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text or files.

Hashes update automatically as you type

SHA-1
SHA-256
SHA-384
SHA-512

How to Generate Cryptographic Hashes

  • Text Hash: Type or paste text — SHA-1, SHA-256, SHA-384, and SHA-512 hashes update in real time.
  • File Hash: Upload any file to compute its cryptographic hashes — useful for verifying file integrity.
  • Click Copy next to any hash to copy it to the clipboard.

Uses the browser's built-in Web Crypto API — no data is ever sent to any server.

What is a Hash Generator?

A cryptographic hash function takes any input (text or file) and produces a fixed-length string of characters called a hash or digest. The same input always produces the same hash, but even a tiny change in the input produces a completely different hash. Hash functions are one-way — you cannot recover the original data from the hash alone. This tool uses the browser's built-in Web Crypto API to generate hashes locally; your data never leaves your device.

Common Use Cases

  • Password storage verification: Databases store password hashes, not plaintext — hashing lets you verify a password without storing it
  • File integrity checking: Compare the hash of a downloaded file to the published checksum to confirm it has not been tampered with
  • Data deduplication: Identify duplicate files or database records by comparing their hashes
  • API request signing: HMAC-SHA256 is used to sign API requests to prove authenticity
  • Version control: Git uses SHA-1 (and transitioning to SHA-256) to identify every commit and file

FAQ

What is the difference between MD5 and SHA-256?

MD5 produces a 128-bit (32 hex character) hash, while SHA-256 produces a 256-bit (64 hex character) hash. SHA-256 is part of the SHA-2 family and is significantly more collision-resistant. Note: this tool uses the Web Crypto API which supports SHA-1, SHA-256, SHA-384, and SHA-512 — not MD5, as MD5 is not included in the Web Crypto standard.

Is MD5 still secure?

No. MD5 is considered cryptographically broken and should not be used for security purposes. Researchers have demonstrated practical collision attacks — meaning two different inputs can produce the same MD5 hash. Use SHA-256 or SHA-512 for any security-sensitive application.

What is a hash collision?

A hash collision occurs when two different inputs produce the same hash output. While theoretically every hash function can have collisions (due to mapping infinite inputs to finite outputs), a good cryptographic hash function makes it computationally infeasible to find two inputs with the same hash. MD5 and SHA-1 have known practical collision vulnerabilities.

Can a hash be reversed?

Not by design. Cryptographic hash functions are one-way functions — there is no mathematical inverse. However, common inputs (like simple passwords) can be found via rainbow table attacks (pre-computed hash databases). This is why passwords should be salted before hashing.

What is HMAC?

HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce a message authentication code. It is used to verify both the integrity and authenticity of a message. HMAC-SHA256 is commonly used to sign API requests, JWT tokens, and webhook payloads.

Related Tools