Are MD5, SHA-1, SHA-256, and SHA-512 secure for passwords?

No — none of these are appropriate for password storage. They are general-purpose hashes designed for speed. For passwords, use bcrypt, scrypt, or argon2 with a salt and a work factor. For data integrity, however, SHA-256 and SHA-512 are entirely fine.

When would I use which?

SHA-256 is the modern default for nearly everything: file checksums, content addressing, signatures. SHA-512 is faster on 64-bit hardware and gives a longer digest. SHA-1 and MD5 are broken for security but still appear in legacy systems and as cheap content fingerprints where collision resistance is not required.

Is my input sent to a server?

No. SHA hashes use the browser's SubtleCrypto API; MD5 runs in JavaScript on this page. Your text never leaves your browser.

Why does the same text always produce the same hash?

That's the defining property of a hash: deterministic for a given input. The flip side is that the same input always produces the same output, which is why naive password hashing without a salt is vulnerable — attackers can build lookup tables.

This tool is for text. To hash a file, drop it into a file-aware tool (we may add one later); the math is the same, but the input is bytes from a file rather than a string.

Files never leave your device

Hash Generator

Compute cryptographic hashes for text using the browser SubtleCrypto API. Inputs never leave the page.

Input text

MD5

—

SHA-1

—

SHA-256

—

SHA-512

—

How to use Hash Generator

Type or paste your text into the input area.
Hashes update automatically as you type.
Click any hash to copy it to your clipboard.

What hashes are useful for

A hash is a fixed-size fingerprint of arbitrary input. Two pieces of text are practically guaranteed to produce different hashes (this is what "collision resistance" means). That makes hashes ideal for verifying integrity — if the hash matches, the content matches.

Common uses

File integrity checks (download checksums)
Content-addressed storage (Git uses SHA-1; IPFS uses SHA-256)
Cache keys derived from content
Detecting changes between two versions of a string
Generating deterministic IDs from input