Hash Generator
Type or paste text to see its MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes, all calculated instantly in your browser.
What these hashes are for
A hash function turns any input into a fixed-length string of characters — the same input always produces the same hash, but even a tiny change in input produces a completely different hash. MD5 and SHA-1 are older and no longer considered secure against determined attackers (both have known collision weaknesses), but remain common for non-security uses like checksums. SHA-256 and above are the current standard for security-sensitive uses like password storage and digital signatures.
Common uses
- Verifying a downloaded file matches its published checksum
- Generating a quick fingerprint of a piece of text or data
- Checking whether two files or text blocks are byte-for-byte identical (matching hashes means identical content)
Frequently asked questions
Is MD5 secure?
No — MD5 has known collision vulnerabilities (different inputs can produce the same hash), so it shouldn't be used for security purposes like password storage. It's still commonly used for non-security checksums, like verifying a file wasn't corrupted during download.
Which hash should I use for password storage?
None of the hashes here are recommended for storing passwords directly — proper password storage should use a purpose-built algorithm like bcrypt, scrypt, or Argon2, which are deliberately slow to resist brute-force attacks. General-purpose hashes like SHA-256 are too fast, making them unsuitable on their own for password storage.
Why do two slightly different texts produce completely different hashes?
This is by design — a good hash function is meant to produce a large, unpredictable change in output even for a tiny change in input (called the avalanche effect), which is what makes hashes useful for detecting even single-character differences.
Is my text uploaded when I generate a hash?
No — every hash is calculated directly in your browser using JavaScript (for MD5) and the browser's built-in Web Crypto API (for SHA family hashes). Nothing is sent to a server.