Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text. Hashing is performed entirely in your browser, using the Web Crypto API for the SHA family; your text is never transmitted.
FAQ
Should I use MD5 or SHA-1 for passwords?
No. MD5 and SHA-1 are cryptographically broken for security purposes. Never use them to hash passwords. Use bcrypt, Argon2, or scrypt instead. SHA-256/512 are acceptable for checksums.
Are hashes reversible?
No. Hash functions are one-way — you cannot derive the original text from the hash. However, the hashes of short or common inputs can be matched against precomputed rainbow tables.
What is a hash used for?
Hashes verify file integrity, store password fingerprints, generate content-based IDs (e.g., Git commit hashes), and create digital signatures.
Frequently Asked Questions
Which hash algorithm should I use?
Use SHA-256 or SHA-512 for modern security applications. MD5 and SHA-1 are cryptographically broken and should not be used for security purposes — only for legacy compatibility or non-security checksums.
Is my data sent to a server?
No. All hashing is performed entirely in your browser using the Web Crypto API (SHA family) and a pure JavaScript MD5 implementation. Your data never leaves your device.
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit (32 hex char) hash and is fast but cryptographically broken. SHA-256 produces a 256-bit (64 hex char) hash and is considered secure for all modern applications.
What is a Cryptographic Hash Function?
A cryptographic hash function takes any input — text, file, or password — and produces a fixed-length string called a digest. Three properties define a secure hash function:
- Deterministic — the same input always produces the same hash.
- One-way (pre-image resistant) — given a hash, it is computationally infeasible to recover the original input.
- Collision resistant — it is infeasible to find two different inputs that produce the same hash.
Changing even a single character in the input produces a completely different hash — the avalanche effect — which is essential for detecting tampering.
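The avalanche effect described above can be measured directly. The following is an added example, not this tool's own code: it hashes text with `crypto.subtle.digest`, shows that Web Crypto rejects MD5 (hence the separate MD5 implementation mentioned in the FAQ), and counts how many SHA-256 output bits differ between two constructed inputs. All function names are hypothetical.

```javascript
// Added example (not the tool's own code). Web Crypto is global in browsers
// and recent Node; the require() fallback is only for older Node runtimes.
const subtle = globalThis.crypto?.subtle ??
  (typeof require === "function" ? require("node:crypto").webcrypto.subtle : undefined);

// Hash a string (UTF-8 encoded) and return the digest as lowercase hex.
async function hexDigest(algorithm, text) {
  const bytes = new TextEncoder().encode(text);
  const digest = await subtle.digest(algorithm, bytes);
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// True if subtle.digest() accepts the algorithm name. It rejects "MD5",
// so MD5 has to come from a separate implementation.
async function webCryptoSupports(algorithm) {
  try {
    await subtle.digest(algorithm, new Uint8Array(0));
    return true;
  } catch {
    return false;
  }
}

// Count differing bits between two equal-length hex digests.
function bitDifference(hexA, hexB) {
  if (hexA.length !== hexB.length) throw new Error("digest lengths differ");
  let bits = 0;
  for (let i = 0; i < hexA.length; i += 2) {
    let x = parseInt(hexA.slice(i, i + 2), 16) ^ parseInt(hexB.slice(i, i + 2), 16);
    for (; x; x &= x - 1) bits++; // clear the lowest set bit each pass
  }
  return bits;
}

// Avalanche effect on constructed inputs that differ in one character.
async function avalancheDemo(a = "transfer $100 to alice", b = "transfer $900 to alice") {
  const [ha, hb] = await Promise.all([hexDigest("SHA-256", a), hexDigest("SHA-256", b)]);
  return { ha, hb, flipped: bitDifference(ha, hb), total: ha.length * 4 };
}

avalancheDemo().then(({ ha, hb, flipped, total }) => {
  console.log(ha);
  console.log(hb);
  console.log(`${flipped} of ${total} bits differ`);
});
```

For a well-behaved 256-bit hash, roughly half of the output bits are expected to differ.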
MD5 vs SHA-1 vs SHA-256 vs SHA-512
| Algorithm | Output size | Security | Use for |
|---|---|---|---|
| MD5 | 128-bit / 32 hex | ❌ Broken | Legacy checksums only |
| SHA-1 | 160-bit / 40 hex | ❌ Broken | Legacy Git (deprecated) |
| SHA-256 | 256-bit / 64 hex | ✅ Secure | Passwords, TLS, JWT |
| SHA-512 | 512-bit / 128 hex | ✅ Secure | High-security, HMAC |
⚠️ Important: MD5 and SHA-1 are cryptographically broken and must never be used for security purposes. Use SHA-256 or SHA-512 for all new applications.
Common Applications of Hashing
- File integrity verification — Software publishers include SHA-256 checksums so you can confirm a downloaded file was not tampered with in transit.
- Password storage — Databases store a hash of the password (ideally bcrypt or Argon2), never plaintext. On login, the input is hashed and compared.
- Digital signatures — A document is hashed, then the hash is signed with a private key, enabling verification without exposing the key.
- Data deduplication — Storage systems hash file contents to detect identical files and store only one copy, saving space.
- Git commit integrity — Every Git commit, tree, and blob is identified by its SHA hash, making history tamper-evident.
- API request signing — HMAC-SHA256 is used to sign API requests, ensuring they were not modified in transit.