Hash Generator (MD5 / SHA)

Generate MD5, SHA-1, SHA-256 and SHA-512 hashes of any text — all four shown at once.

AdvertisementAd slot #1 · below the result

What a hash function does

A hash function takes any block of data — a word, a file, a database — and produces a fixed-length string of hex digits called a digest. Three properties define a cryptographic hash:

  • One-way. You cannot reverse a digest back to the original input. Given 5d41402abc4b2a76b9719d911017c592, there is no practical way to recover hello.
  • Deterministic. The same input always produces the same digest. hello will always hash to 5d41402abc4b2a76b9719d911017c592 under MD5, on every machine, every time.
  • Avalanche effect. A single character change — even flipping one bit — produces a completely different digest. hello and Hello share no visible pattern in their hashes.

Which algorithm to use

MD5

MD5 produces a 128-bit (32 hex character) digest. It was the dominant checksum algorithm of the 1990s but is now considered broken for security: deliberate collisions (two different inputs with the same hash) can be manufactured cheaply. Use MD5 only for non-security purposes — verifying a file downloaded correctly, generating cache keys, or deduplicating records — where a collision does not confer any advantage to an attacker.

SHA-1

SHA-1 produces a 160-bit (40 hex character) digest. It was deprecated for security use by NIST in 2011 and practical collision attacks were demonstrated in 2017 (the SHAttered attack). Modern browsers and certificate authorities no longer accept SHA-1 signatures. Treat it the same as MD5 — checksum and legacy compatibility only.

SHA-256

SHA-256 is part of the SHA-2 family and produces a 256-bit (64 hex character) digest. It is the current standard choice for digital signatures, TLS certificates, code signing, and data integrity. No practical attacks are known. When in doubt, use SHA-256.

SHA-512

SHA-512 produces a 512-bit (128 hex character) digest. It offers a larger security margin than SHA-256 and can be faster than SHA-256 on 64-bit CPUs because it processes data in 64-bit words. Use it when extra margin is needed — for example, when hashing large volumes of data or when the system lifetime is expected to exceed 20 years.

Why not to use these for passwords

General-purpose hash functions are designed to be fast. That is exactly the wrong property for password storage: an attacker with a GPU can try billions of candidate passwords per second against a SHA-256 digest. Purpose-built password-hashing functions — bcrypt, scrypt, and Argon2 — are deliberately slow and memory-hard, so each guess takes meaningful time even on specialist hardware. Never use MD5, SHA-1, SHA-256, or SHA-512 to store passwords, even with a salt.

Worked example

Hashing hello:

  • MD5 → 5d41402abc4b2a76b9719d911017c592
  • SHA-256 → 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Changing just one character — Hello instead of hello — produces a completely different digest in both cases, illustrating the avalanche effect.

Frequently asked

Is my input sent anywhere?

No. All hashing runs in your browser using the built-in crypto.subtle API (for SHA) and a local implementation (for MD5). Nothing you type is transmitted.

Why do all four hashes appear at once?

Comparing digests across algorithms helps illustrate how the same input produces different digest lengths and values. It is also practical: if you need to match a hash of unknown algorithm, you can check all four immediately.

Can I hash a file with this tool?

This tool hashes text. For file checksums, use your operating system: sha256sum filename on Linux/macOS, or Get-FileHash filename in PowerShell on Windows.

AdvertisementAd slot #2 · after the explainer