All Tools

Hash Generator

Generate SHA-256, SHA-512, SHA-384, SHA-1, and MD5 hashes from text or files.

Type or paste text, or upload a file, then hit Hash. All five algorithms run at once.

When to use which algorithm

  • SHA-256 — best default for security purposes (passwords, signatures, certificates)
  • SHA-512 — stronger but produces a longer hash; good for high-security use cases
  • SHA-384 — SHA-512 truncated to 384 bits; used in TLS and some certificate standards
  • SHA-1 — legacy; widely supported but not safe for security — use for checksums only
  • MD5 — fastest; broken for security; only use for non-security checksums and legacy compatibility
Tip: SHA-256/512/384 use the browser's native Web Crypto API. Files never leave your device.
SHA-256
SHA-512
SHA-384
SHA-1
MD5
How hashing works

A hash function takes any input and produces a fixed-size fingerprint called a digest. The same input always gives the same hash, but even a single character change produces a completely different result. Hashing is one-way — it is not possible to recover the original data from a hash.

Which algorithm to use

Use SHA-256 for anything security-related (checksums, digital signatures, password hashing with a salt). SHA-512 offers a larger margin. Avoid MD5 and SHA-1 for security — both have known collision attacks. MD5 is still fine for non-security checksums.

File checksums

Software downloads often publish their SHA-256 hash. Hash the file you downloaded and compare it against the published value. Any mismatch means the file changed in transit — corrupted or possibly tampered. This tool hashes text; use sha256sum on the command line for files.

Password storage

Services store password hashes, not plain passwords. If the database leaks, attackers only see hashes and must brute-force matching inputs. For passwords specifically, use a slow algorithm (bcrypt, Argon2) — raw SHA-256 is too fast to resist brute force without iteration.

Collision

Two different inputs producing the same hash. Mathematically inevitable but engineered to be practically impossible in secure algorithms. MD5 collisions can be crafted in seconds on modern hardware — never use it for security. SHA-256 has no known practical collision attack.