Hash Generator
Supports MD5, SHA-1, SHA-256, SHA-384, SHA-512 hash algorithms
What is a Hash?
A hash is an algorithm that maps data of arbitrary length to a fixed-length digest. The same input always produces the same output, while a tiny change in input produces a completely different output. It is impossible to reverse a hash value back to the original data. Common hash algorithms include MD5, SHA-1, SHA-256, SHA-384, and SHA-512, widely used in data integrity verification, password storage, digital signatures, and more. Hash functions should be understood differently depending on whether the goal is integrity checking, quick identification, or security. MD5 and SHA-1 still appear in older checksums, but they are weak for modern trust decisions; SHA-256 or stronger algorithms are usually preferred. A hash is not encryption: it cannot be decrypted, but weak or predictable inputs can still be guessed through dictionaries or precomputed attacks.
How to Use
How to use
- Select input mode: Text Input or File Upload
- Enter text content or drag and drop a file
- Check the hash algorithms you want to generate (multiple selections)
- Click 'Generate Hash' button to calculate
- Click 'Copy' to save individual hash, or 'Copy All' for all results
Hashing Notes
- Hash values are deterministic fingerprints; changing even one byte in the input produces a different result.
- Use SHA-256 or stronger algorithms for integrity checks when security matters, and avoid MD5/SHA-1 for new security workflows.
Use Cases
Technical Principle
A cryptographic hash function maps arbitrary-length input to a fixed-length digest, with three security properties: pre-image resistance (hard to invert), second-pre-image resistance (hard to find a different input with the same digest), and collision resistance (hard to find any two inputs with the same digest). MD5 (Rivest 1991, RFC 1321), SHA-1 (NIST FIPS 180-1, 1995), and the SHA-2 family (FIPS 180-4, 2012) are all Merkle-Damgård constructions: the input is padded to a multiple of the block size, then iterated through a one-way compression function. Block size is 512 bits for MD5, SHA-1, SHA-256, and 1024 bits for SHA-512. Digest sizes: 128 / 160 / 256 / 384 / 512 bits respectively. MD5 (Rivest 1991) is a 128-bit hash, 64 rounds of a quarter-round with four 32-bit chaining words (A, B, C, D), constants derived from the sine function (no security meaning, just to break symmetry). Collision attacks: Wang et al. 2004 reduced MD5 collision search to 2⁴⁰ hash evaluations (hand-computed differential paths); Stevens 2009 wrote a chosen-prefix collision tool; Flame malware 2012 used a novel chosen-prefix attack to forge a Microsoft code-signing certificate, marking the first publicly known in-the-wild MD5 collision exploit. Today, an MD5 collision costs under a dollar on a CPU and milliseconds on a GPU. Use SHA-256 for any new protocol. SHA-1 (FIPS 180-1, deprecated by NIST in 2011 after FIPS 180-4) is a 160-bit hash with 80 rounds and five 32-bit chaining words. The SHAttered attack (Stevens et al., February 2017) produced the first practical SHA-1 collision, costing ~6,500 CPU-years and 110 GPU-years. By 2020, chosen-prefix collisions were practical for ~$45,000 of GPU time, and by 2025 collision cost on commodity hardware is well under $10,000. Git migrated away from SHA-1 to SHA-256 in 2020; HTTPS certificates have not been allowed to use SHA-1 since 2017. The chosen-prefix collision SHAttered output ('SHAttered.pdf' and 'SHAttered2.pdf') is the standard test vector: their SHA-1 digests match but the contents differ. SHA-2 (FIPS 180-4, 2012) covers six hashes: SHA-1's successors SHA-224, SHA-256, SHA-384, SHA-512 plus two truncated variants SHA-512/256 and SHA-512/224. Internally SHA-256 uses six logical functions (Ch, Maj, Σ0, Σ1, σ0, σ1) with 64 round constants K[t] = ⌊∛(first 32 bits of the fractional part of the t-th prime)⌋ — the prime-cube-root construction is purely aesthetic, with no security role. SHA-256 has been the workhorse since ~2010 and is the de-facto standard for TLS 1.3 (RFC 8446), Bitcoin's proof-of-work (until 2025's shift discussions), and most content-addressed storage. SHA-512/256 is faster on 64-bit hardware because it uses 64-bit words and runs SHA-512's compression, then truncates. SHA-3 (FIPS 202, 2014) and Keccak (the original submission) use a fundamentally different structure: the Keccak-f[1600] sponge construction with a 1600-bit state, alternating absorb/squeeze phases. SHA-3 has the same digest sizes as SHA-2 but resists the length-extension attack that affects Merkle-Damgård hashes — a useful property when hashing a secret-prefix MAC. BLAKE2 (RFC 7693) is faster than SHA-256 in software and is what WireGuard, Argon2, and several modern protocols use. This page runs SHA-1, SHA-256, SHA-384, and SHA-512 in the browser via SubtleCrypto.digest (which calls into the platform's native code — OpenSSL/BoringSSL on Chromium, NSS on Firefox, the equivalent on Safari), and falls back to a pure-JS MD5 implementation because SubtleCrypto does not expose MD5 (per the W3C Web Crypto API, MD5 is in 'recommend-only' status). For a 10 MB file, SHA-256 in V8 runs at ~400 MB/s on a modern laptop, while the pure-JS MD5 runs at ~100-150 MB/s — the Web Crypto SHA family is 3-4× faster than any pure-JS implementation, which is why the page routes SHA-1+ through the native interface.
- MD5 (Rivest 1991, RFC 1321): 128-bit digest, 512-bit block, 64 rounds, Merkle-Damgård. Collision-broken since Wang 2004 (2⁴⁰ work) and chosen-prefix-broken in Flame 2012 — never use for new code, but still fine for non-security checksum, ETags, content fingerprinting, or cache keys.
- SHA-1 (FIPS 180-1, 1995; deprecated by FIPS 180-4, 2011): 160-bit digest. The SHAttered collision (Stevens et al., Feb 2017) cost ~6,500 CPU-years; chosen-prefix collisions are now under $10K. Git migrated to SHA-256 in 2020; CA/Browser Forum banned SHA-1 in HTTPS certs in 2017.
- SHA-256 (FIPS 180-4): 256-bit digest, 64 rounds of Ch/Maj/Σ0/Σ1/σ0/σ1, 64 round constants K[t] derived from ∛(prime) fractional parts. Workhorse for TLS 1.3 (RFC 8446), most content-addressed storage, and Bitcoin mining. The 256-bit security level gives ~128-bit collision resistance.
- SHA-384/SHA-512 (FIPS 180-4): SHA-512 uses 64-bit words, 80 rounds, 1024-bit block. Roughly 1.5-2× faster than SHA-256 on 64-bit hardware. SHA-384 is just SHA-512 truncated to 384 bits; SHA-512/256 is SHA-512 truncated to 256 bits and gives better length-extension resistance than SHA-256.
- SHA-3 (FIPS 202, 2014) / Keccak: sponge construction with Keccak-f[1600] permutation, 1088/832/576-bit rates for SHA3-256/384/512. Resists length-extension attacks that affect Merkle-Damgård hashes — useful for secret-prefix MACs.
- BLAKE2 (RFC 7693) and BLAKE3 are modern fast hashes; BLAKE2s is the typical MAC key derivation, BLAKE2b is what WireGuard and many protocols use, and BLAKE3 adds a Merkle tree for parallel hashing. Not in Web Crypto as of 2025, so this page does not expose them.
- Web Crypto API (W3C): SubtleCrypto.digest('SHA-256', data) returns a Promise<ArrayBuffer> computed by the platform's native code. ~400 MB/s on V8 for SHA-256, ~100-150 MB/s for pure-JS MD5 — the 3-4× gap is why the page routes SHA-1+ through SubtleCrypto.
- Length-extension caveat: H(secret || message) is forgeable for any Merkle-Damgård hash (MD5, SHA-1, SHA-2) if the attacker knows the digest and the message length. HMAC (RFC 2104) and SHA-3 avoid this. For MACs use HMAC-SHA-256 or KMAC; for hashes of untrusted input the raw digest is fine.
Examples
FIPS 180-2 test vector: empty string and 'abc'
Input: '' (empty, 0 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e (32 hex chars)
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709 (40 hex chars)
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (64 hex chars)
SHA-512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Input: 'abc' (3 bytes, the canonical FIPS test vector)
MD5: 900150983cd24fb0d6963f7d28e17f72
SHA-1: a9993e364706816aba3e25717850c26c9cd0d89d
SHA-256: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
SHA-512: ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
Each output length is fixed by the algorithm (MD5 128 bit, SHA-1 160 bit,
SHA-256 256 bit, SHA-512 512 bit), regardless of input length.FIPS 180-2 56-byte test vector (multi-block)
Input: 'abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq' (56 bytes)
SHA-256: 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1
SHA-512: 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018
50d1c9ef3504cabb287a00833cf81a7e (128 hex chars - first 64 shown,
the digest is 64 bytes / 1024 bits)
This 56-byte vector spans two 512-bit SHA-256 blocks and exercises
the message schedule (sigma_0 / sigma_1 expansion of words 16..63).
It is the NIST CAVP reference input for SHA-256, and the canonical
way to confirm the message-schedule loop is implemented correctly.
If this matches, block padding, length append, and final-state add
are all working. SHA-512 uses the same Merkle-Damgard structure on
a 64-bit word size and an 80-step schedule, so the same 56-byte
input produces a 128-hex-character digest.Avalanche effect and encoding trap
Input: '' (empty) MD5: d41d8cd98f00b204e9800998ecf8427e
Input: 'a' (one byte) MD5: 0cc175b9c0f1b6a831c399e269772661
Adding a single byte changes every output bit - that is the avalanche
property. The same is true for case (a -> A changes 0x61 to 0x41, one bit
at position 0x20) and for trailing whitespace. Note also that the same
visible text with and without a trailing '\n' or a UTF-8 BOM
(0xEF 0xBB 0xBF) hashes to a different digest, which is why matching a
published checksum requires matching the exact byte sequence, not the
visible characters. Browsers and Node pass strings through TextEncoder
first to make the input bytes deterministic; a JS MD5 that takes a string
directly produces wrong hashes for non-ASCII input.File integrity verification with sha256sum
$ sha256sum ubuntu-24.04-desktop-amd64.iso
4d0c238817f7d74c93cfbe7939f8f7a4f9a0d0c7c0e8a6c4f9a0d0c7c0e8a6c4 *ubuntu-24.04-desktop-amd64.iso
1. Drop the same .iso into file mode on this page and pick SHA-256.
2. Copy the 64-char digest to the compare field.
3. If the digests match, the download is byte-identical to the publisher's.
A mismatch means the file is corrupted, partially downloaded, or a
different version than the one in the manifest.
For the same file, MD5 and SHA-1 give a 32- and 40-char digest respectively;
SHA-256 and SHA-512 give 64 and 128 chars. Make sure the publisher's checksum
uses the same algorithm before comparing.FAQ
Which algorithms does this tool support?
Typically MD5, SHA-1, SHA-256, SHA-384, SHA-512, and sometimes SHA-3 / RIPEMD-160. SHA-256 is the standard modern choice; MD5 and SHA-1 should only be used for non-security checksums.
Is hashing the same as encryption?
No. Hashing is one-way - given the hash, there is no algorithm to recover the original input (apart from brute force on a small input space). Encryption is reversible with a key. Use hashing for fingerprints and integrity checks, encryption for confidentiality.
Where is the input hashed?
All hashing runs in your browser via the Web Crypto API or pure-JS implementations. Nothing is sent to a server. You can confirm by watching the Network tab while pasting input.
Why does the same input produce a different hash on another site?
Differences usually come from input pre-processing: line endings (CRLF vs LF), trailing whitespace, character encoding (UTF-8 vs UTF-16), or a tool that automatically appends a newline. Hash algorithms themselves are deterministic across implementations.
Can I reverse a hash?
Mathematically no. Practically, short inputs from a small set (common passwords, dictionary words, short numbers) can be looked up in pre-computed rainbow tables. For anything sensitive, that is the entire point of salting and using a slow hash like bcrypt or Argon2 - this tool does not replace those.
Should I hash passwords with this tool?
No. SHA-256 alone is far too fast for password storage. Use bcrypt, scrypt, or Argon2 with a per-user salt and a tuned work factor. SHA family hashes are correct for file integrity, content addressing, and signature inputs - not for passwords.
Why do hashes have different lengths?
Each algorithm has a fixed digest size: MD5 is 128 bits (32 hex chars), SHA-1 is 160 bits (40 hex chars), SHA-256 is 256 bits (64 hex chars), SHA-512 is 512 bits (128 hex chars). Longer is more collision-resistant but the hash itself takes more storage.