Hash Generator (SHA-1, SHA-256, SHA-512, MD5)
Type or paste text to compute all four hashes live, with per-hash copy buttons. Everything runs in your browser — nothing is uploaded.
About this tool
The SHA family is computed with the browser's built-in crypto.subtle.digest, the same Web Crypto implementation production code uses, so results match sha256sum and friends byte-for-byte (input is UTF-8 encoded). MD5 isn't part of Web Crypto, so the page ships a small pure-JavaScript implementation of the RFC 1321 algorithm, verified against the standard test vectors.
Your text never leaves this page — hashing happens locally, there is no server, no upload, and no tracking of tool inputs. Note that hashing is one-way and unsalted here: it's meant for checksums and comparisons, not for storing passwords, which need a dedicated slow hash like bcrypt or Argon2.
Frequently asked questions
Is MD5 still safe to use?
Not for anything security-related. MD5 collisions have been practical since 2004, and chosen-prefix collisions — two attacker-crafted files with the same hash — are cheap today, so MD5 must never back signatures, certificates, or integrity checks against an adversary. To be precise, no practical preimage attack exists, so MD5 as a non-adversarial checksum or cache key still functions; but with SHA-256 built into every platform there is little reason not to upgrade.
Which hash should I use for passwords?
None of the four on this page. General-purpose hashes are designed to be fast, and fast is exactly wrong for passwords — GPUs try billions of SHA-256 guesses per second. Use a dedicated, deliberately slow, salted password-hashing function: Argon2id (first choice per OWASP), scrypt, or bcrypt. Salting alone does not fix SHA-256; the work factor is the point.
What is the difference between hashing and encryption?
Encryption is reversible: with the key you get the original data back. Hashing is one-way: it compresses any input to a fixed-size digest with no key and no way to reconstruct the input other than guessing. That is why sites can't email you your password if it was properly hashed — and why a leaked hash of a strong password is far less damaging than a leaked encrypted password with its key.
Why does my file's hash differ from the same text hashed here?
A hash covers exact bytes, so any invisible difference changes it completely: a trailing newline added by your editor, Windows CRLF vs Unix LF line endings, a UTF-8 BOM, or a different text encoding. This page hashes the UTF-8 bytes of what you type, with no added newline. To hash an actual file byte-for-byte — for example to verify a download — use the File Hash Calculator on this site.
Is SHA-1 broken too?
Yes, for collision resistance: the 2017 SHAttered attack produced two different PDFs with the same SHA-1 hash, and chosen-prefix collisions followed in 2020. Browsers and CAs rejected SHA-1 certificates years ago, and Git is migrating to SHA-256. Like MD5, preimage resistance still stands, and HMAC-SHA1 is not practically broken — but for new designs use SHA-256 or SHA-512 everywhere.