// generate MD5, SHA-1, SHA-256, SHA-512 hashes instantly
Generate cryptographic hashes instantly in the browser. MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160 — text or file input, HMAC support, compare hashes. Free, no signup.
Type or paste text directly, or switch to File mode and drop any file. All supported hashes are computed simultaneously and update live as you type.
Toggle "HMAC mode" to compute keyed-hash message authentication codes for SHA-256 and SHA-512. Enter your secret key or click Random to generate one.
Click the copy button next to any hash, or use "Copy All" to copy every result at once. Enable "Hash Comparison" to paste a known hash and verify it matches.
A cryptographic hash function maps any input to a fixed-size output (digest). The same input always produces the same hash; different inputs produce different hashes (collision resistance). SHA-256 and SHA-512 are the modern standards used for integrity verification and digital signatures. All hashes in this tool are computed in your browser — nothing is uploaded.
Yes. All hashing happens entirely in your browser — no text, file content, or keys are sent to any server. The tool uses your browser's native Web Crypto API for SHA-256/384/512 and HMAC, and a pure-JavaScript implementation for MD5 and SHA-1. Nothing is transmitted, stored, or logged.
For security-sensitive use cases, use SHA-256 or SHA-512. MD5 and SHA-1 are cryptographically broken — they are still widely used for checksums and non-security fingerprinting but should never be used for password storage, digital signatures, or security protocols. SHA-256 is the current standard for most applications; SHA-512 provides higher security margin at the cost of slightly more computation.
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key. The result authenticates both the integrity of the message (it hasn't been changed) and its source (only someone with the key can produce the correct HMAC). Use it for API request signing, webhook verification, and anywhere you need to prove that a message came from a trusted sender who knows the secret key.
Hash functions are deterministic — the same input always produces the same output. This is what makes them useful for checksums and verification. The "magic" is in the collision resistance: two different inputs should never produce the same hash (or at least, it should be computationally infeasible to find two that do). This is what makes SHA-256 and SHA-512 secure, and what makes MD5 and SHA-1 insecure — collisions have been found for both.
The File API allows JavaScript to read file contents directly in the browser without uploading. The file bytes are passed through the hash functions the same way text bytes are. For large files, the tool reads the file in chunks and processes them incrementally using the streaming mode of the Web Crypto API, so memory usage stays bounded regardless of file size.
SHA-2 is a family of hash functions that includes SHA-224, SHA-256, SHA-384, and SHA-512. SHA-256 and SHA-512 are the two most widely used members. They differ in digest length (256 vs 512 bits) and internal state size. SHA-256 is faster on 32-bit hardware; SHA-512 can be faster on 64-bit hardware. Both are currently considered secure. SHA-3 is a separate, newer standard based on a different construction (Keccak).
Cryptographic hash functions are fundamental tools in computing security. They appear in password storage (bcrypt uses SHA-512 internally), file integrity verification (ISO downloads publish SHA-256 checksums), digital certificates (TLS uses SHA-256), code signing, blockchain, and version control systems (Git uses SHA-1). This tool computes all the major hash functions simultaneously so you can quickly get whichever you need.
MD5 produces a 128-bit (32 hex character) digest and was the dominant hash algorithm from the 1990s through the mid-2000s. It remains useful for non-security purposes like checksums and cache keys — its speed and universally available implementations make it practical. However, MD5 collisions have been demonstrated and it must never be used for security-sensitive purposes like password hashing or digital signatures.
SHA-256 (part of the SHA-2 family) produces a 256-bit (64 hex character) digest. It is the current standard for most security applications: TLS certificates, code signing, Bitcoin's proof-of-work, HTTPS, SSH fingerprints, and container image digests. No practical collision attacks exist against SHA-256. When in doubt about which algorithm to use, SHA-256 is the right answer for the majority of use cases.