Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or files. Compare hashes to verify file integrity. Everything runs locally. Your data never leaves your browser.

All hashing is performed locally in your browser. No data is sent to any server.

What are cryptographic hashes?

A cryptographic hash function takes an input of any size and produces a fixed-size output (the "hash" or "digest") that acts as a unique fingerprint for that data. The same input always produces the same hash, but even a single bit change in the input produces a completely different output. This property is called the avalanche effect.

Hash functions are one-way: you cannot reverse a hash to recover the original input. This makes them fundamental to password storage, digital signatures, file integrity verification, and blockchain technology.

Algorithm comparison

MD5 (128-bit / 32 hex characters)

Designed in 1991 by Ronald Rivest. Fast and widely supported, but cryptographically broken: practical collision attacks have been demonstrated since 2004. Two different inputs can be crafted to produce the same MD5 hash. Still commonly used for non-security purposes like checksums and data deduplication, but should never be used for password hashing, digital signatures, or certificate verification.

SHA-1 (160-bit / 40 hex characters)

Designed by the NSA in 1995. Stronger than MD5 but also considered deprecated for security use since Google demonstrated a practical collision (SHAttered) in 2017. Major browsers stopped accepting SHA-1 SSL certificates in 2017. Git still uses SHA-1 for commit hashes (though it's migrating to SHA-256). This is acceptable because Git uses it for integrity, not security.

SHA-256 (256-bit / 64 hex characters)

Part of the SHA-2 family, designed by the NSA. The current standard for most security applications. Used in TLS certificates, Bitcoin mining, code signing, and file integrity verification. No known practical attacks. This is the recommended default for most use cases.

SHA-384 (384-bit / 96 hex characters)

A truncated version of SHA-512 that produces a 384-bit output. Provides a higher security margin than SHA-256. Used in some government and financial applications that require extra assurance.

SHA-512 (512-bit / 128 hex characters)

The largest output in the SHA-2 family. Provides the highest security margin and is actually faster than SHA-256 on 64-bit processors because it operates on 64-bit words natively. Used when maximum security is required or when running on 64-bit systems where performance is a factor.

File integrity verification

One of the most common uses of hashes is verifying that a downloaded file hasn't been corrupted or tampered with. Software distributors often publish SHA-256 hashes alongside their downloads. To verify:

  1. Download the file from the source.
  2. Note the published hash from the vendor's website.
  3. Generate the hash of your downloaded file using the same algorithm.
  4. Compare the two. They should be identical. Use the "Verify hash" field above to do this comparison automatically.

If the hashes differ, the file has been modified, either corrupted during transfer or potentially tampered with. Do not use it.

Common use cases

  • File integrity: Verify downloads, backups, and transfers haven't been corrupted.
  • Password storage: Databases store password hashes, not plaintext. (Use bcrypt or Argon2 in practice, not raw SHA.)
  • Digital signatures: Sign the hash of a document rather than the entire document.
  • Data deduplication: Identify duplicate files by comparing hashes instead of byte-by-byte comparison.
  • Cache busting: Append a content hash to filenames so browsers fetch updated versions.
  • Blockchain: Each block contains the hash of the previous block, creating an immutable chain.