Hash Generator — MD5, SHA-256, SHA-512
Generate cryptographic hashes instantly in your browser. Supports MD5, SHA-1, SHA-256, SHA-384, and SHA-512. All processing is 100% client-side — your data never leaves your browser.
Web Crypto API and a local MD5 implementation. Zero network requests.
Generate Hash
All Algorithms at Once
Hash the same input with all five algorithms simultaneously.
| MD5 | — | |
| SHA-1 | — | |
| SHA-256 | — | |
| SHA-384 | — | |
| SHA-512 | — |
Compare Hashes
Paste two hash values to verify they match — useful for checking file integrity or comparing checksums.
What is a Hash Function?
A hash function is a mathematical algorithm that transforms an input of any length into a fixed-length output called a hash, digest, or checksum. Hash functions are the foundation of modern cryptography, used in digital signatures, certificate verification, password storage, data integrity checking, and content addressing.
Three properties define a cryptographic hash function: determinism (identical inputs always produce identical outputs), avalanche effect (a small change in input radically changes the output), and one-way (you cannot reverse a hash to recover the original input). A secure hash function also resists collision attacks — finding two different inputs that produce the same hash.
Hash Algorithm Comparison
| Algorithm | Output Length | Security Status | Common Use Cases |
|---|---|---|---|
MD5 |
128 bits (32 hex) | Broken | Checksums, cache keys, non-security deduplication |
SHA-1 |
160 bits (40 hex) | Deprecated | Legacy systems, Git object IDs (transitioning) |
SHA-256 |
256 bits (64 hex) | Secure | TLS certificates, code signing, Bitcoin, JWTs |
SHA-384 |
384 bits (96 hex) | Strong | TLS 1.2+, government/compliance requirements |
SHA-512 |
512 bits (128 hex) | Strong | High-security applications, digital forensics, archival |
Hashing in JavaScript with Web Crypto API
Modern browsers expose the crypto.subtle.digest() API for computing SHA hashes entirely client-side, with no dependencies. The following example computes a SHA-256 hash and converts the result to a hex string:
async function sha256(message) {
const encoder = new TextEncoder();
const data = encoder.encode(message);
const hashBuffer = await crypto.subtle.digest('SHA-256', data);
const hashArray = Array.from(new Uint8Array(hashBuffer));
return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
}
// Usage
const hash = await sha256('hello world');
console.log(hash);
// => b94d27b9934d3e08a52e52d7da7dabfac484efe04294e576f4...Web Crypto does not support MD5 since MD5 is not considered cryptographically secure. For MD5, a pure JavaScript implementation is used as a fallback.
Frequently Asked Questions
What is a hash function?
A hash function takes an input (text, file, or any binary data) and produces a fixed-length string of characters. The same input always produces the same hash, but any change in the input — even a single character — produces a completely different hash. This makes hashes useful for detecting changes in data, verifying downloads, and storing passwords without saving the original value.
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit (32 hex character) digest and is fast to compute, but cryptographic collisions can be intentionally crafted — two different inputs can be made to produce the same MD5 hash. This makes MD5 unsuitable for any security purpose. SHA-256 produces a 256-bit digest and remains secure against all known attacks. Use SHA-256 or SHA-512 for any security-sensitive application. MD5 is acceptable only for non-security uses like cache keys or non-critical checksums.
Is hashing reversible? Can I decrypt a hash?
No — hashing is a one-way operation by design. There is no algorithm to recover the original input from a hash. However, short or common inputs can be found via brute force or precomputed rainbow tables. This is why passwords must be hashed with slow, salted algorithms like bcrypt or Argon2, not with fast algorithms like SHA-256. The hash algorithms on this page are designed for data integrity and checksums, not for password storage.
Should I use SHA-256 for hashing passwords?
No. SHA-256 and other general-purpose hash functions are intentionally fast, which makes brute-force attacks trivially feasible on modern hardware (billions of hashes per second). For passwords, use dedicated slow hashing algorithms: bcrypt (most widely supported), Argon2id (modern best practice, winner of the Password Hashing Competition), or scrypt. These are designed to be computationally expensive and include built-in salting to defeat rainbow table attacks.
Related Developer Tools
- Base64 Encoder & Decoder — encode and decode Base64 strings instantly in your browser
- JWT Decoder & Inspector — decode JSON Web Tokens and inspect claims client-side
- ENV File Inspector — validate .env files and detect exposed API keys and secrets
- URL Encoder & Decoder — percent-encode and decode URL strings and query parameters