Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text. All algorithms computed simultaneously.
Share this tool
Found it useful? Help a fellow developer discover it.
| Algorithm | Output size | Speed | Use today? | Common uses |
|---|---|---|---|---|
| MD5 | 128 bits / 32 hex | Very fast | ❌ Broken | Legacy checksums, file integrity (non-security), cache keys |
| SHA-1 | 160 bits / 40 hex | Fast | ❌ Broken | Legacy systems, Git object IDs (not for security) |
| SHA-256 | 256 bits / 64 hex | Fast | ✅ Secure | TLS certificates, JWT signing, password hashing (with bcrypt), checksums |
| SHA-384 | 384 bits / 96 hex | Fast | ✅ Secure | TLS 1.2/1.3, Subresource Integrity (SRI), where extra security margin is needed |
| SHA-512 | 512 bits / 128 hex | Fast | ✅ Secure | High-security signatures, HMAC, password hashing, long-term archival integrity |
A cryptographic hash function takes an input of any length and produces a fixed-size output (the digest). It has three key properties: determinism (same input always yields the same hash), avalanche effect (a single bit change in the input completely changes the output), and pre-image resistance (you cannot reverse the hash to recover the input). Hash functions are used for checksums, data integrity verification, digital signatures, and password storage.
Note: MD5 and SHA-1 are considered cryptographically broken for security purposes. Collision attacks are practical. Use SHA-256 or stronger for any security-sensitive application. MD5 and SHA-1 are still fine for non-security uses like checksums and cache keys.
Paste or type your text into the input panel and the SHA-256 hash appears instantly in the output row labeled SHA-256. All five algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512) are computed simultaneously so you can pick the one you need. Click Copy next to any hash to copy it to your clipboard.
Download the file and note the expected hash published by the software vendor or sender. Paste the file contents (or the checksum string if provided) into this tool and generate the same algorithm. Compare the result to the expected hash character by character. If they match exactly, the file has not been modified. If they differ, the file may be corrupted or tampered with.
No. MD5 is cryptographically broken. Practical collision attacks exist, meaning two different inputs can produce the same hash. Do not use MD5 for passwords, digital signatures, or certificate fingerprints. MD5 is still acceptable for non-security uses like cache keys and ETag generation where collision resistance is not a security requirement.
None of the algorithms shown here directly. For passwords, use a purpose-built key derivation function like bcrypt, Argon2, or PBKDF2. These are intentionally slow and include salting to prevent rainbow table attacks. Raw SHA-256 is too fast. An attacker can compute billions of SHA-256 hashes per second with a GPU.
Yes. MD5 runs in pure JavaScript in your browser, and the SHA algorithms use the Web Crypto API built into your browser. Nothing leaves your device. Be cautious about pasting sensitive credentials into any web tool, because even browser-only tools can be affected by browser extensions with broad permissions.
The most common cause is line endings. Windows uses CRLF and Unix or Mac use LF. Even a single extra byte changes the entire hash. Make sure your comparison accounts for line ending normalization before drawing conclusions about a mismatch.
SHA-256 and SHA-512 are both part of the SHA-2 family. SHA-512 produces a longer digest (512 bits vs 256 bits) and uses 64-bit words internally, making it faster than SHA-256 on 64-bit processors. SHA-256 uses 32-bit words and is faster on 32-bit hardware. For most purposes SHA-256 is sufficient. Use SHA-512 when you need more collision resistance or when your platform benchmarks it faster.
Hashing is a one-way function. Given a hash, you cannot recover the original input. Encryption is two-way: data encrypted with a key can be decrypted with the corresponding key. Use hashing for integrity verification, fingerprinting, and password storage (via bcrypt/Argon2). Use encryption when you need to retrieve the original data, for example storing secrets or transmitting private messages.
UUID / ULID Generator
Generate RFC-4122 UUIDs (v1, v4, v5) and ULIDs instantly.
Password Generator
Generate cryptographically secure passwords and EFF-style passphrases using the Web Crypto API.
JWT Generator & Verifier
Generate and verify JWT tokens with HS256 or RS256 signing.
Base64 Encoder / Decoder
Encode or decode Base64 strings instantly. Supports standard and URL-safe variants.
