128-bit hash (32 hex characters)
160-bit hash (40 hex characters)
256-bit hash (64 hex characters)
512-bit hash (128 hex characters)
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text. Cryptographic hash functions (MD5, SHA-1, SHA-256, SHA-512) compute a fixed-size, deterministic digest from arbitrary input. Hashes are one-way: you cannot reverse a hash to recover the original input. Hash functions are widely used for integrity verification, password storage, and digital signatures.
Instantly generate cryptographic hashes in your browser using the Web Crypto API. No server, no logs, 100% private. 100% free, no registration, and complete privacy — everything runs locally in your browser, so your data never touches a server.
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously to compare or select the best for your use case.
Hashes update automatically as you type — no button press required.
Copy any hash to the clipboard instantly with a single click.
All hashing is done locally in your browser using the Web Crypto API. Your data never leaves your machine.
Hash Generation Example
Input
password123Output:
SHA-256: cc7d8c4eaa84db53d3e6d8c8de3a4ff5cab9d79ad7bbb965e2e0f8e5ef50c4a5A cryptographic hash function takes any input (text, file, image) and computes a fixed-size digest (hash) that is: (1) deterministic — the same input always produces the same hash; (2) one-way — you cannot reverse a hash to recover the input; (3) collision-resistant — two different inputs should not produce the same hash (ideally). Hash functions are foundational for integrity checks, password hashing, and digital signatures.
They differ in output size and security: MD5 produces 128-bit hashes (32 hex chars), SHA-1 produces 160-bit (40 hex), SHA-256 produces 256-bit (64 hex), and SHA-512 produces 512-bit (128 hex). MD5 and SHA-1 are cryptographically broken — use SHA-256 or SHA-512 for security-critical applications. SHA-256 is recommended for most use cases.
No. Cryptographic hashes are one-way functions by design. However, short inputs (passwords) can be attacked via rainbow tables or brute-force. To securely hash passwords, use bcrypt, scrypt, or Argon2 with a salt — not raw MD5 or SHA.
Because passwords should never be stored (encrypted or not) — they should only be hashed. When a user logs in, you hash their submitted password and compare it to the stored hash. If an attacker steals the hash database, they cannot recover the original passwords without breaking the hash function or brute-forcing, which is slow with modern algorithms (bcrypt, Argon2).
The publisher (e.g., a Linux distro or software project) publishes the SHA-256 hash of a file on their website. After downloading, you hash the file using this tool (or your OS: `sha256sum file` on Linux, `shasum -a 256 file` on macOS) and compare. If they match, the file was not tampered with or corrupted in transit.
Yes. This tool runs entirely in your browser using the Web Crypto API — your input is never sent to any server. For maximum security, disable internet access while hashing sensitive data, or audit this tool's source code before using it with secrets.
Generate cryptographic hashes (SHA-256 & more) online, free. A hash function maps any input to a fixed-length string (a digest) that changes completely if a single byte of the input changes. This tool computes common hashes — including SHA-256, the modern default — from your text using the browser's Web Crypto API, so the digest is computed locally and your input never leaves your device.
Hashes are computed with the browser's built-in Web Crypto (SubtleCrypto) for the SHA family, the same standards-based implementation used by secure web apps. 100% free, no registration, and complete privacy — everything runs locally in your browser, so your data never touches a server.
Generate widely used digests such as SHA-256, SHA-1 and MD5 from any text, with the hex digest ready to copy.
The same input always yields the same hash, so you can compare digests to verify a file or value is unchanged.
Digests compute immediately client-side via the Web Crypto API — no upload, no wait.
Your input is hashed locally and never transmitted — safe for sensitive strings.
Use SHA-256 for anything that matters — it's the current standard for integrity and fingerprinting. SHA-1 and MD5 are still common for non-security checksums and legacy compatibility, but are considered broken for security because collisions can be engineered.
No. Hashing is one-way: there is no 'unhash'. The same input always produces the same digest, but you cannot reverse a digest back to its input — that's what makes hashes useful for verification.
No. Encryption is reversible with a key; hashing is a one-way fingerprint with no key and no way back. Hashing verifies integrity; encryption protects confidentiality.
No. Plain SHA/MD5 is unsuitable for password storage — use a slow, salted algorithm such as bcrypt, scrypt, or Argon2 instead. This tool is for checksums, fingerprints, and learning.
No. Hashes are computed locally in your browser; your text is never sent to a server.
We use cookies for analytics and personalized ads to help keep these tools free. Until you accept, ads stay non-personalized and analytics cookies are off. See our Privacy Policy.