Hash Generator

Type or paste text and see all five common hashes side-by-side, updated as you type. Hashes are computed in your browser via the Web Crypto API β€” your input never leaves the page.

MD5⚠ broken β€” legacy only
β€”
SHA-1⚠ deprecated
β€”
SHA-256recommended default
β€”
SHA-384
β€”
SHA-512
β€”
What is a hash function?

Hashes in 30 seconds

A hash function takes any input β€” a word, a file, a billion bytes β€” and produces a fixed-size fingerprint. Same input always gives the same fingerprint. The hash is one-way: you can't recover the input from the hash.

What hashes are used for

  • File integrity β€” "this download wasn't tampered with"
  • Password storage β€” never store passwords; store their hash (with salt)
  • Deduplication β€” same hash = same data
  • Digital signatures β€” sign the hash, not the whole document
  • Blockchains β€” every block contains the previous block's hash

Which algorithm should I use?

  • SHA-256 β€” the modern default. Use this unless you have a specific reason not to.
  • SHA-512 β€” twice the output size, faster on 64-bit systems, used in some legacy systems.
  • SHA-1 β€” deprecated. Collisions have been found in practice. Don't use for new systems.
  • MD5 β€” broken since 2004. Collision attacks are trivial. Still appears in legacy file checksums (e.g., old Linux mirror lists).

For passwords, hashing isn't enough

Real password storage uses purpose-built algorithms β€” bcrypt, scrypt, argon2 β€” that are deliberately slow and accept a per-user salt. Hashing a password with SHA-256 is much, much weaker than hashing with bcrypt.