Hash Generator
Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or binary files. Multiple algorithms at once, file drag-and-drop, and one-click copy.
The Hash Generator is a free, browser-based tool for computing cryptographic hash values from text or any file. Select one or more algorithms, enter your input, and all selected hashes are computed simultaneously. All processing runs entirely in your browser using the Web Crypto API — no data is uploaded anywhere.
Features
| Feature | Detail |
|---|---|
| Multiple algorithms at once | Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 in a single click |
| Text and file support | Hash plain text input or any binary file (drag-and-drop supported) |
| Lowercase and uppercase output | Toggle between hex formats for any workflow |
| Per-row copy | Copy any individual hash with one click |
| Copy all | Copy the full set of results as Algorithm: hash lines |
| Web Crypto API | SHA variants use the browser's native cryptographic engine |
| Pure-JS MD5 | MD5 is computed client-side without any external library |
How to Use
- Type or paste text into the input area, or click Load file to select a file. You can also drag and drop a file directly onto the text area.
- Check the algorithms you want to compute.
- Select an output format (lowercase or uppercase hex).
- Click Generate.
- Copy individual hashes with the row copy button, or click Copy all to copy all results at once.
Supported Algorithms
MD5
MD5 produces a 128-bit (32 hex character) hash. It was originally designed as a cryptographic hash function but is now considered broken for security purposes — it is vulnerable to collision and preimage attacks. It remains widely used for non-security tasks such as checksums, data deduplication, and legacy system compatibility.
SHA-1
SHA-1 produces a 160-bit (40 hex character) hash. It was widely used in TLS certificates and code signing but is now deprecated for cryptographic use after practical collision attacks were demonstrated in 2017 (SHAttered). It is still found in Git commit identifiers and some legacy systems.
SHA-256
SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex character) hash. It is the current standard for most cryptographic applications, including TLS certificates, code signing, Bitcoin, and password hashing schemes. It is considered secure against all known attacks.
SHA-384
SHA-384 is a truncated variant of SHA-512, producing a 384-bit (96 hex character) hash. It offers a higher security margin than SHA-256 and is used in TLS cipher suites and some government and financial applications.
SHA-512
SHA-512 produces a 512-bit (128 hex character) hash. It provides the highest security margin of the SHA-2 variants supported here and is often faster than SHA-256 on 64-bit processors due to its use of 64-bit words.
Hash Length Reference
| Algorithm | Bits | Hex characters |
|---|---|---|
| MD5 | 128 | 32 |
| SHA-1 | 160 | 40 |
| SHA-256 | 256 | 64 |
| SHA-384 | 384 | 96 |
| SHA-512 | 512 | 128 |
Common Use Cases
File Integrity Verification
Compute the SHA-256 hash of a downloaded file and compare it against the hash published by the software author. Any modification to the file — even a single bit — produces a completely different hash.
Password Storage Reference
Hash algorithms are used (with salting and stretching) in password storage schemes like bcrypt and Argon2. This tool computes raw hashes without salting, which is useful for understanding the algorithms but not for production password storage.
API Signature Verification
Many APIs use HMAC-SHA-256 for request signing. While this tool computes plain hashes rather than HMACs, understanding the underlying SHA-256 output is useful when debugging signing implementations.
Data Deduplication
MD5 and SHA-256 are commonly used to detect duplicate files or data blocks. Two identical files always produce the same hash, and the probability of two different files producing the same hash (a collision) is negligible for SHA-256.
Content Addressing
Systems like Git, IPFS, and many package managers use content-addressed storage, where a file's hash is its identifier. Git uses SHA-1 (migrating to SHA-256) to identify blobs, trees, and commits.
Frequently Asked Questions
Is it safe to hash sensitive data in this tool?
All hashing is performed locally in your browser. No data is transmitted to any server. The SHA variants use the browser's built-in crypto.subtle Web Crypto API, and MD5 is computed by a pure JavaScript implementation. Check your browser's network tab to confirm no requests are made while hashing.
Can I use the hashes for password storage?
No. Raw hash functions like MD5, SHA-1, and SHA-256 are not suitable for password storage without additional protection. Use a purpose-built password hashing function such as bcrypt, scrypt, or Argon2, which incorporate salting and work factors designed to slow down brute-force attacks.
Why is MD5 still included if it is broken?
MD5 remains useful for non-security purposes such as checksums, cache keys, and compatibility with legacy systems. Many tools and protocols still output MD5 hashes for informational purposes. This tool includes it for completeness while the documentation makes its security limitations clear.
Why do two identical strings always produce the same hash?
Hash functions are deterministic — the same input always produces the same output. This property is what makes them useful for integrity checking. The avalanche effect ensures that even a single character change produces a completely different output.
What is the difference between a hash and encryption?
Encryption is reversible — a ciphertext can be decrypted back to the original plaintext with the correct key. Hashing is one-way — there is no algorithm to recover the original input from the hash output alone. This makes hashes suitable for integrity checking but not for storing data that needs to be retrieved.
Can two different inputs produce the same hash (collision)?
In theory, yes — any hash function mapping infinite inputs to a fixed-length output must have collisions. In practice, for SHA-256 and SHA-512, finding a collision is computationally infeasible with current technology. MD5 and SHA-1 have known practical collision attacks and should not be relied on in security contexts.