Hash Generator

Compute MD5, SHA-1, SHA-256, and SHA-512 cryptographic hashes from text or files — all processing happens in your browser. No data is ever sent to any server.


How to Use

  1. Select the Text tab and type or paste any string into the input area. All four hashes update automatically in real time as you type — no button click required.
  2. To hash a local file, click the File tab and either click the drop zone or drag and drop any file into it. The file is read using the browser’s FileReader API and never leaves your device.
  3. Click any Copy button to copy that hash to your clipboard. Toggle Uppercase to switch between lowercase (d41d8cd9…) and uppercase (D41D8CD9…) output.
  4. Use the Compare Two Hashes section to verify integrity: paste the expected hash on the left and the computed hash on the right. Useful for verifying downloaded file checksums or comparing stored hashes.

About Cryptographic Hash Algorithms

A cryptographic hash function takes an input of any size and produces a fixed-length output called a digest or hash. The same input always produces the same hash, but any change to the input — even a single character — produces a completely different result. This property, called the avalanche effect, makes hashes useful as tamper-evident fingerprints for data.

Hash functions are one-way: given only the hash, reconstructing the original input is computationally infeasible for secure algorithms. This makes them suitable for verifying data without revealing the data itself. Common real-world applications include verifying software downloads, storing passwords (with salting and key stretching), generating unique identifiers, digital signatures, and blockchain ledgers.

MD5 (128-bit output · 32 hex chars): Fast. Cryptographically broken (collisions). Safe for non-security checksums only. Do not use for passwords or authentication.

SHA-1 (160-bit output · 40 hex chars): Deprecated for cryptographic use since 2017. Still found in legacy systems and Git object IDs. Avoid for new security applications.

SHA-256 (256-bit output · 64 hex chars): Currently secure. The industry standard for TLS certificates, Bitcoin, Linux packages, and JWT signing. Recommended for all new uses.

SHA-512 (512-bit output · 128 hex chars): Larger SHA-2 variant. Equally secure with greater brute-force resistance. Faster than SHA-256 on 64-bit CPUs due to native 64-bit word processing.

Frequently Asked Questions

Can I use MD5 or SHA-1 for password hashing?

No. Never use raw hash functions (including SHA-256) directly for password storage. Password hashing requires dedicated algorithms like bcrypt, scrypt, or Argon2 that incorporate a random per-user salt and are deliberately slow to resist GPU-based brute-force attacks. An unsalted MD5 password can be reversed in milliseconds using precomputed rainbow tables.

Why do even tiny input changes produce a completely different hash?

This is the avalanche effect — a fundamental design property of all cryptographic hash functions. Each bit of the input is mixed through multiple rounds of bitwise operations that cause every output bit to depend on every input bit. A change of even one bit cascades through all rounds, randomising the entire output. This ensures that similar inputs produce unrelated hashes, making it impossible to infer information about the original data from the digest.

Which algorithm should I use to verify a downloaded file?

Use whichever algorithm the publisher provides; most modern projects publish SHA-256 checksums. Compare the hash displayed here against the hash listed on the download page. If they match exactly, the file arrived intact and has not been tampered with, provided the listed hash itself comes from a source you trust: a checksum served from the same compromised location as the file can be replaced along with it. If they differ, the file may be corrupted or modified; do not use it. SHA-512 is equally valid. MD5 and SHA-1 checksums are only reliable for detecting accidental corruption, not intentional tampering.
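
The check described in step 4 and in this answer, written out as an added example (not this tool's own code): it infers the algorithm from the digest length listed above, hashes the bytes with SubtleCrypto, and compares case-insensitively. The function names and the `tamperResistant` flag are assumptions made for illustration.

```javascript
// Added example, not the tool's own code; all function names are hypothetical.
// Hex digest length -> algorithm, using the output sizes listed on this page.
const BY_HEX_LENGTH = { 32: "MD5", 40: "SHA-1", 64: "SHA-256", 128: "SHA-512" };
// Per the page, MD5 and SHA-1 only detect accidental corruption.
const TAMPER_RESISTANT = new Set(["SHA-256", "SHA-512"]);

// Web Crypto is a global in browsers and current Node.js; older Node needs the module.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Trim and lowercase so an uppercase or padded digest still compares equal.
function normalizeHex(text) {
  const hex = text.trim().toLowerCase();
  if (!/^[0-9a-f]+$/.test(hex)) throw new Error("not a hex digest");
  return hex;
}

function identifyAlgorithm(expectedHex) {
  const name = BY_HEX_LENGTH[normalizeHex(expectedHex).length];
  if (!name) throw new Error("unrecognised digest length");
  return name;
}

async function digestHex(algorithm, bytes) {
  const buf = await subtle.digest(algorithm, bytes);
  return Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");
}

// bytes: ArrayBuffer or Uint8Array, e.g. the result of reading a local file.
async function verifyChecksum(bytes, expectedHex) {
  const algorithm = identifyAlgorithm(expectedHex);
  // SubtleCrypto offers no MD5; the page hashes MD5 with a separate local implementation.
  if (algorithm === "MD5") throw new Error("MD5 is not provided by SubtleCrypto");
  const actual = await digestHex(algorithm, bytes);
  return {
    algorithm,
    actual,
    match: actual === normalizeHex(expectedHex),
    tamperResistant: TAMPER_RESISTANT.has(algorithm),
  };
}

// Constructed sample: the bytes of "abc" and their well-known SHA-256 digest, uppercased.
const SAMPLE = new TextEncoder().encode("abc");
const SAMPLE_SHA256 = "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD";
verifyChecksum(SAMPLE, SAMPLE_SHA256).then((r) => console.log(r.algorithm, r.match));
```

A result with `match: true` but `tamperResistant: false` means the publisher's checksum was MD5 or SHA-1, so it rules out accidental corruption only.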

Is this tool safe to use with sensitive data?

Yes. All hashing runs in your browser using the built-in SubtleCrypto Web Crypto API (SHA algorithms) and a local MD5 implementation. No input text or file content is transmitted to any server. You can verify this by opening your browser’s DevTools Network tab while using the tool — you will see zero outbound requests containing your input.
