Hash Generator — MD5, SHA-1, SHA-256, SHA-512

A hash function takes input of any size — a password, a sentence, an entire file — and produces a fixed-length string of characters called a digest. The same input always produces the same digest, but even a one-character change produces a completely different output. Hashes are used for verifying file integrity, indexing data, fingerprinting content, and (with proper algorithms and salting) storing passwords.

For any security-sensitive use, choose SHA-256 or SHA-512. SHA-256 is the modern default and is used by TLS certificates, Bitcoin, and most JWT signatures. SHA-512 is similar but produces a longer digest. MD5 and SHA-1 are considered cryptographically broken — they should only be used for non-security tasks like file checksums, deduplication keys, or legacy compatibility (Git, for example, still uses SHA-1 internally).

No. All hashes are computed entirely in your browser using the standard SubtleCrypto API (for SHA-1, SHA-256, SHA-384, and SHA-512) and a pure-JavaScript implementation for MD5. Your input — including any uploaded files — is never transmitted, logged, or stored. You can safely hash passwords, private documents, and sensitive data.

Yes. Switch to File mode and select a file from your device. The file is read into memory locally and all five algorithms run in your browser. This is the standard way to compute a file checksum to verify it matches a published hash — for example, confirming a software download has not been tampered with.

No. MD5 is fast and has known collision attacks, which makes it unsuitable for password storage. For passwords, use a purpose-built password hashing function like bcrypt, scrypt, or Argon2, which are intentionally slow and salt each password to defeat rainbow-table attacks. A plain SHA-256 of a password — even a long one — is also not safe enough for production systems.

They should not. Hash functions are deterministic: the same input always produces the same digest, byte for byte. If your hashes are changing, the input is changing too — common causes are different line endings (LF vs CRLF), trailing whitespace, character encoding differences (UTF-8 vs UTF-16), or a file that is being modified between runs.

Hashing is a one-way operation: given a digest, you cannot recover the original input. Encryption is two-way: encrypted data can be decrypted with the right key. Use hashing to verify integrity or fingerprint content; use encryption to protect the confidentiality of data that must later be read back.

All algorithms in this tool encode your text as UTF-8 before hashing. This matches the behavior of most server-side libraries and command-line tools like sha256sum and openssl dgst, so digests produced here will match the same input hashed in Python, Node.js, Go, Ruby, or the shell — provided UTF-8 is also used there.

Yes. Many open-source projects publish a SHA-256 checksum next to each release. Download the file, switch this tool to File mode, select the downloaded file, and compare the SHA-256 output character by character to the published value. If they match, the file has not been corrupted in transit or tampered with.