Hash Generator
Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text input or files.
Type or paste text above to generate hashes
SHA-1 / SHA-256 / SHA-384 / SHA-512 use the browser's Web Crypto API. MD5 is computed in pure JavaScript. All processing happens locally: no data is sent anywhere.
About cryptographic hash functions
A cryptographic hash function takes an input of any size and produces a fixed-size output (the hash or digest). The same input always produces the same output, but even a single-character change in the input produces a completely different hash. This is called the avalanche effect. Hash functions are one-way: you cannot recover the input from the hash.
This tool computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes for text or files directly in your browser. SHA hashes use the browser's Web Crypto API; MD5 is computed in pure JavaScript. All processing is local: no data is uploaded anywhere.
Step-by-step guide
- 1Choose text or file mode
Use the 'Text' tab to hash a string, or the 'File' tab to compute hashes for any local file without uploading it. - 2Enter your text or select a file
In text mode, type or paste into the textarea. In file mode, click the upload area or drag and drop any file. - 3Read the hash results
All five hash values (MD5, SHA-1, SHA-256, SHA-384, SHA-512) are computed simultaneously and displayed as hex strings. - 4Copy a hash
Click the Copy button next to any algorithm to copy that hash value to your clipboard. - 5Use the hash for verification or storage
Use the hash to verify file integrity, store password hashes (use SHA-256 or higher, ideally with a KDF like bcrypt), or as a checksum.
Related Tools
HMAC Generator
Generate HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 message authentication codes with a secret key.
Password Strength
Analyze password entropy, character composition, and estimated crack time across different attack scenarios.
AES Encrypt / Decrypt
Encrypt and decrypt text with AES-256-GCM. Password-derived key via PBKDF2. Output includes salt and IV: fully self-contained.
JWT Debugger
Decode and inspect JWT header, payload, and signature. Shows expiry status, algorithm, and all time-based claims with human-readable dates.
Frequently Asked Questions
- Is my data sent to a server?
- No. Text hashing uses the browser's Web Crypto API. File hashing reads the file locally using FileReader. In both cases, your data never leaves your device.
- What is the difference between MD5 and SHA-256?
- MD5 produces a 128-bit (32 hex chars) output and is considered cryptographically broken: collisions (two different inputs producing the same hash) can be generated. SHA-256 produces a 256-bit output and is currently considered cryptographically strong. For security-critical applications, use SHA-256 or higher.
- Can I still use MD5?
- MD5 is suitable for non-security uses such as checksums, cache keys, and deduplication where speed matters and collision resistance is not required. Never use MD5 for password hashing or digital signatures.
- Should I use SHA-256 or SHA-512 for password hashing?
- Neither SHA-256 nor SHA-512 should be used directly for password hashing. They are too fast: an attacker can try billions of guesses per second. Use a purpose-built key derivation function such as bcrypt, Argon2, or PBKDF2 instead.
- What is SHA-1 and is it safe?
- SHA-1 produces a 160-bit output. Theoretical collision attacks have been demonstrated against SHA-1 (SHAttered, 2017), so it is no longer recommended for security-critical uses. It is still used in legacy systems and Git's object addressing.
- How does file hashing work?
- The file is read into memory as an ArrayBuffer using the FileReader API. The raw bytes are then passed to the Web Crypto API for SHA hashing and to a pure-JS MD5 implementation. No file data leaves your browser.
- Can I hash large files?
- Yes. Files are read into memory, so very large files (several GB) may consume significant RAM. For most use cases (documents, images, installers), file sizes are well within browser limits.
- What is SHA-384?
- SHA-384 is a truncated variant of SHA-512 producing a 384-bit (96 hex chars) output. It offers better performance on 64-bit systems than SHA-256 due to different internal word sizes. It is used in TLS and subresource integrity (SRI) checks.
- How do I verify a file download with a hash?
- Download the file, then drag it into the File tab of this tool. Compare the SHA-256 (or the algorithm specified by the download source) output with the official checksum provided on the download page. They should match exactly.
- What is the SHA-256 hash of a string and how do I calculate it?
- The SHA-256 hash of a string is a fixed 64-character hexadecimal fingerprint produced by the SHA-256 algorithm. To calculate it: switch to the Text tab, type or paste your string, and the SHA-256 hash appears instantly. The same string always produces the same hash: even a single character change produces a completely different result.
AlteredIdea vs alternatives
vs server-side tools: Everything runs in your browser: your data never leaves your device.
vs command-line tools: No setup needed. Works instantly in any browser.
vs paid tools: Completely free, no account required.