Hash Generator
Compute cryptographic hashes for text using the browser SubtleCrypto API. Inputs never leave the page.
Add this tool to your own site with one line of HTML. Free forever — just keep the small credit link.
How to use Hash Generator
- Type or paste your text into the input area.
- Hashes update automatically as you type.
- Click any hash to copy it to your clipboard.
What a cryptographic hash actually is
A hash function takes input of any length — a word, a novel, a disk image — and produces a fixed-size fingerprint called a digest. The same input always yields the same digest, and two different inputs are practically guaranteed to yield different ones (collision resistance). That combination makes hashes the standard way to verify integrity: if the digest matches, the content matches. Because the digest is the whole point — a value you compare, not data you transmit — every algorithm here runs in the page and nothing you type is sent anywhere.
The avalanche effect: one character, a completely new digest
Try it in the tool above. The SHA-256 of hello begins 2cf24dba5fb0…; capitalize one letter to Hello and it becomes 185f8db32271… — every part of the digest changes, not just one corner of it. A well-designed hash flips about half of its output bits for any single-bit change in the input. This is what makes digests useful as fingerprints: a near-identical file does not get a near-identical hash, so even the smallest corruption or tampering is unmistakable.
Digest sizes at a glance
- MD5 — 128 bits, 32 hex characters. Broken for security since 2004.
- SHA-1 — 160 bits, 40 hex characters. Practical collisions demonstrated in 2017.
- SHA-256 — 256 bits, 64 hex characters. The modern default.
- SHA-512 — 512 bits, 128 hex characters. Often faster on 64-bit CPUs.
Why MD5 and SHA-1 are deprecated
Both algorithms have practical collision attacks: researchers can construct two different inputs that hash to the same digest. MD5 collisions have been cheap to produce since 2004, and they have been weaponized — the Flame malware used one to forge a Microsoft code-signing certificate. SHA-1 fell in 2017 when Google's SHAttered project published two different PDFs with identical SHA-1 digests. Collisions matter wherever a hash stands in for trust: certificates, signatures, deduplication. They matter less for accidental-corruption checks, which is why MD5 checksums still float around on download pages — but for anything new, use SHA-256.
Hashing, encryption, and encoding are three different things
Developers mix these up constantly. Encoding (like Base64) transforms data so it survives transport and is trivially reversible by anyone. Encryption scrambles data so that only key holders can reverse it. Hashing destroys the data on purpose: the digest cannot be turned back into the input. So you encrypt a message you need to read later, encode binary you need to ship as text, and hash a value you only ever need to compare.
A note on passwords
Fast hashes are the wrong tool for passwords precisely because they are fast — a modern GPU can compute billions of SHA-256 digests per second, which makes brute-forcing leaked digests cheap. Password storage needs deliberately slow, salted functions: bcrypt, scrypt, or argon2 with a tuned work factor. Use this generator for checksums, cache keys, and fingerprints, not for anything a user types to log in.
Common uses
- File integrity checks (download checksums)
- Content-addressed storage (Git uses SHA-1; IPFS uses SHA-256)
- Cache keys derived from content
- Detecting changes between two versions of a string
- Generating deterministic IDs from input
Related tools
- Password Strength Checker — see how long a password would survive a brute-force attack.
- Random Token Generator — generate cryptographically secure secrets and API keys.
- Htpasswd Generator — create properly hashed credentials for HTTP basic auth.
- Base64 Encoder / Decoder — encoding, not hashing: see the difference for yourself.
Frequently asked questions
Are MD5, SHA-1, SHA-256, and SHA-512 secure for passwords?
When would I use which?
Could my input end up in someone’s logs?
Why does the same text always produce the same hash?
Can I hash a file?
Can a hash be reversed to get the original text back?
What is the avalanche effect?
Is hashing the same as encryption?
Related tools
More tools you might find useful in the same flow.
Base64 Encoder
Base64 encoder and decoder online: convert text to Base64 or decode Base64 strings back to readable text. UTF-8 safe, instant, and free to use with no signup.
Regex Tester
Free regex tester with live match highlighting, capture groups, and replacement preview. JavaScript flavour. All matching runs locally — no server.
UUID Generator
UUID generator online — create one or hundreds of version 4 UUIDs at once using cryptographically secure randomness. Free, instant, and no signup required.
JSON Formatter
Free JSON formatter, validator, and minifier with line/column error reporting. Sensitive payloads stay on your device — nothing is sent to a server.
Built by Muhammad Tahir · About