MD5 & SHA Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text instantly in your browser.
MD5 & SHA hash generator computes cryptographic hashes from any input text using the browser's SubtleCrypto API. Enter text and instantly see SHA-1, SHA-256, and SHA-512 digests as hex strings. All hashing runs client-side with no server round-trip. Useful for verifying file integrity, testing API signatures, and learning how hash functions work.
Hash appears here after you type above
Hash appears here after you type above
Hash appears here after you type above
Frequently Asked Questions
- What is SHA-256?
- SHA-256 is a cryptographic hash function producing a 256-bit output as a 64-character hex string. Designed by the NSA and standardised by NIST, SHA-256 is used in TLS certificates, Bitcoin mining, and file integrity verification.
- What is the difference between MD5 and SHA-256?
- MD5 produces a 128-bit hash. SHA-256 produces a 256-bit hash. MD5 is faster but cryptographically broken: collisions (two inputs with the same hash) can be generated intentionally. SHA-256 has no known practical collisions. For security-critical uses, always prefer SHA-256 or SHA-512 over MD5.
- Can I reverse a SHA hash to get the original text?
- No. Hash functions are one-way. Given a hash, no algorithm reliably recovers the original input. For short or common inputs (like dictionary passwords), the hash can be looked up in pre-computed rainbow tables. For unique inputs, reversal is computationally infeasible.
- What is SHA-512 used for?
- SHA-512 produces a 512-bit output as a 128-character hex string. Maximum collision resistance is needed for password hashing (with a salt), digital signatures, and high-security certificate chains. SHA-512 is slower than SHA-256 but provides a larger security margin.
- How do I verify a file checksum?
- Download the file, then compute its SHA-256 hash using this tool or a local command. Compare the result against the hash published by the file provider. Matching hashes confirm the file was not modified or corrupted in transit.
What is a hash function?
A hash function takes input of any length and produces a fixed-length output called a digest or hash. The output appears random and unpredictable. The same input always produces the same output. Any change to the input, even a single character, produces a completely different hash.
Hashes serve three main purposes: verifying data integrity, storing passwords without the plaintext, and signing messages to prove authenticity.
How the hash generator works
Type or paste any text into the input field. The SubtleCrypto API processes the text using the same engine that powers HTTPS in the browser. SHA-1, SHA-256, and SHA-512 are all supported. The output is displayed as a lowercase hex string. SHA-1 produces 40 hex characters. SHA-256 produces 64. SHA-512 produces 128.
All processing runs in the browser. No text is transmitted to any server. The tool works offline after the page loads.
SHA-1, SHA-256, and SHA-512 compared
SHA-1 produces a 160-bit hash. Widely deployed in older systems, SHA-1 is no longer considered cryptographically secure. Collision attacks have been demonstrated practically. Avoid SHA-1 for new security-critical uses.
SHA-256 is the current standard for most security applications. TLS 1.3 certificates, JWT tokens, code-signing pipelines, and blockchain transactions all rely on it. No practical collision attacks are known.
SHA-512 offers a larger output and a higher security margin at the cost of speed. On 64-bit processors, SHA-512 is often faster than SHA-256 because the algorithm operates on 64-bit words natively. On 32-bit systems and older mobile chips, SHA-256 is faster.
Common uses for hash functions
- File integrity: download a file and hash it. Compare against the published checksum to confirm no tampering or corruption during transfer.
- Password storage: databases store the hash of a password rather than the password itself. When a user logs in, the entered password is hashed and compared to the stored hash. A breach exposes only hashes, not plaintext passwords.
- API signatures: many APIs require requests to include an HMAC computed from the request body and a secret key. Matching the HMAC proves the request was sent by an authorised client.
- Deduplication: hashing file contents lets you find duplicates without comparing bytes. Two files with the same SHA-256 hash are identical with very high probability.
Related tools
Base64 Encoder / Decoder
TextEncode text to Base64 or decode Base64 back to plain text instantly.
Password Generator
UtilitiesGenerate secure random passwords with custom length, character types, and a live strength indicator.
JSON Formatter & Minifier
TextValidate, beautify, and minify JSON data instantly in your browser.