Hash Generator (MD5, SHA-1, SHA-256, SHA-384, SHA-512)
Generate cryptographic hashes of any text. MD5, SHA-1, SHA-256, SHA-384, SHA-512. Runs in your browser.
What a hash does and doesn't do
A cryptographic hash takes any input โ a word, a file, a billion-byte database dump โ and produces a fixed-length fingerprint. The same input always produces the same hash, but you cannot reverse a hash to get the original input. This makes hashes useful for:
- Verifying file integrity โ download a file with its SHA-256 published alongside, hash your copy, compare.
- Password storage โ never store raw passwords; store a salted hash (using bcrypt/scrypt/Argon2, not raw SHA).
- Deduplication โ files with the same hash are (almost certainly) identical content.
- Cryptographic signing โ hash the document, sign the hash. Faster than signing the whole document.
Algorithm choices and when to use them
| Hash | Output bits | Status | Use cases |
|---|---|---|---|
| MD5 | 128 | Broken โ collisions known since 2004 | Non-security: file dedup, etag, cache keys |
| SHA-1 | 160 | Broken โ practical collision 2017 (Google SHAttered) | Legacy compat only; never new security work |
| SHA-256 | 256 | Current standard | File integrity, signatures, Bitcoin, TLS certs |
| SHA-384 | 384 | Truncated SHA-512 | Required by some compliance regimes (FIPS) |
| SHA-512 | 512 | Stronger margin than SHA-256 | Long-term integrity, password key derivation |
For passwords
Plain SHA-256 is the wrong tool for password hashing. Use Argon2id (recommended), bcrypt, or scrypt. These are deliberately slow and memory-hard to resist GPU cracking. Storing passwords as raw SHA-256(password) is functionally equivalent to storing them in plain text.