Client-side utility

Hash Generator for MD5, SHA-1, SHA-256 and more

Type or paste any string and instantly generate six popular hashes in your browser without sending the value to the server.

6 algorithms Auto updates Copy each result

Input

Hashes refresh while you type. Whitespace and line breaks are included exactly as entered.

0chars 0bytes

MD5

SHA-1

SHA-224

SHA-256

SHA-384

SHA-512

Algorithm comparison

All six algorithms run in your browser. Understanding the differences helps you pick the right one for each job.

MD5 Deprecated

Output: 128 bit / 32 hex
Use case: File integrity checks on trusted systems (not security-critical)

SHA-1 Legacy

Output: 160 bit / 40 hex
Use case: Git commit IDs and legacy certificate chains (avoid for new work)

SHA-224 Secure

Output: 224 bit / 56 hex
Use case: Constrained environments where a shorter SHA-2 digest is required

SHA-256 Secure

Output: 256 bit / 64 hex
Use case: Digital signatures, TLS certificates, blockchain, general-purpose hashing

SHA-384 Secure

Output: 384 bit / 96 hex
Use case: TLS 1.3 cipher suites and subresource integrity (SRI) tags

SHA-512 Secure

Output: 512 bit / 128 hex
Use case: Password hashing pipelines and high-security data archiving

How hash functions work

A hash function takes any input - a single character or an entire file - and produces a fixed-length string called a digest. Feed the same input twice and you always get the exact same output. Change even one byte and the digest changes completely. This is the avalanche effect.

Hashing is a one-way operation: there is no mathematical inverse that reconstructs the original input from its digest. That property makes hashes useful for verifying file integrity without storing the file itself, and for confirming a password matches without ever saving the plaintext.

Collision resistance is what separates modern algorithms from deprecated ones. A collision occurs when two different inputs produce the same digest. MD5 and SHA-1 are vulnerable to crafted collisions, which is why they are no longer trusted for security-sensitive tasks. SHA-256 and above have no known practical collisions.

Choosing the right algorithm

MD5 Only for non-security checksums where legacy tools require it. Never for passwords or signatures.
SHA-1 Avoid for new projects. Acceptable only when interoperating with systems that have not yet migrated.
SHA-256 The safe default for most uses: file verification, API request signing, HMAC keys.
SHA-512 Prefer when building a password-hashing pipeline or when a larger digest is needed for extra margin.
SHA-384 Use for browser subresource integrity (SRI) attributes and TLS 1.3 compatible cipher negotiation.
SHA-224 Niche use in constrained devices or protocols with a hard limit on digest size.

Frequently asked questions

Common questions about hash functions and how to use them safely.

No. Hash functions are one-way by design. There is no mathematical inverse that reconstructs the original string from its digest. Attacks that appear to 'crack' hashes are actually dictionary lookups or brute-force searches - they find an input that produces the same hash, not the original text itself.

Neither directly. MD5 and SHA-256 are general-purpose hash functions designed to be fast, which makes them easy to brute-force when used for passwords. Use a purpose-built slow hash function such as bcrypt, scrypt, or Argon2 for passwords. These add deliberate computation cost and a per-password salt that makes large-scale cracking impractical.

No. All hashing runs entirely in your browser using the CryptoJS library. Your text never leaves your device and the server only serves the page assets. This makes the tool safe for hashing sensitive strings such as API keys or configuration values you need to verify.

A collision occurs when two different inputs produce the same hash digest. Collisions are unavoidable in theory because hash outputs are fixed-length while inputs are unlimited, but a secure algorithm makes collisions computationally impossible to find deliberately. MD5 and SHA-1 have known practical collision attacks, meaning an attacker can forge a file or certificate that matches a legitimate digest. SHA-256 and above have no known practical collisions.

More privacy tools

Everything you need to share private data safely - free, no account, runs in your browser.

Encrypted messaging

SecretNote

Write a private note, generate a one-time link, and share it. The note self-destructs the moment it is read - nothing is stored, nothing leaks.

Burns after reading AES-256 encrypted No account needed

Create a secret note

Screenshot sharing

SecretScreen

Upload a screenshot and get a self-destructing share link. The image is encrypted before upload and deleted after the first view - no permanent hosting.

View once Multiple screenshots No account needed

Share a screenshot

Secure file transfer

SecretFile

Upload any file and share a one-time download link. The file is encrypted end-to-end and permanently deleted after the recipient downloads it.

One-time download Auto-expires No account needed

Send a secret file

Client-side utility

Hash Generator

Instantly generate MD5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 hashes in your browser. Your input is never sent to the server.

6 algorithms Live output No account needed

Generate a hash

Client-side security tool

Password Generator

Generate strong, random passwords with full control over length and character sets. Everything runs locally - your passwords never touch a server.

Cryptographically random Fully customisable No account needed

Generate a password