Hash generator (MD5, SHA-1, SHA-256, SHA-512)
Compute MD5, SHA-1, SHA-256, and SHA-512 hashes instantly in your browser. Nothing is sent to a server.
Enter any text in the box below. All four hashes update as you type. Click the copy icon next to any hash to copy it to your clipboard.
Hash generator input and results
0 bytes
Hashing runs in your browser via Web Crypto API (SHA) and a pure-JS implementation (MD5). No data leaves this page.
Hashes
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
How hashing works
A hash function takes an input of any length and produces a fixed-length output. The same input always produces the same hash (deterministic), but even a one-character change produces a completely different hash (avalanche effect). Hash functions are one-way — you cannot reconstruct the input from the hash, only verify that a known input matches a stored hash.
SHA-256 and SHA-512 are computed using the browser's native Web Crypto API
(crypto.subtle.digest). MD5 is
computed using a pure JavaScript implementation of RFC 1321, since Web Crypto
intentionally omits MD5 as cryptographically broken. For security-critical
applications, use SHA-256 or SHA-512.
About this tool
This tool computes MD5, SHA-1, SHA-256, and SHA-512 hashes of any text input entirely in your browser. Nothing is transmitted to a server. SHA variants use the browser's built-in Web Crypto API; MD5 is computed via a pure JavaScript implementation (Web Crypto intentionally excludes MD5 as cryptographically broken). All four hashes update instantly as you type.
Frequently asked questions
Which algorithm should I use?
SHA-256 is the current general-purpose standard — it's used in TLS certificates, code signing, and most modern cryptographic systems. SHA-512 provides a larger hash (512 vs 256 bits) and may be marginally faster on 64-bit CPUs for large inputs. SHA-1 is deprecated for security use (collision attacks were demonstrated in 2017) but still appears in legacy systems and Git object IDs. MD5 is broken for security purposes — collisions can be constructed in seconds on consumer hardware — but remains widely used for non-security checksums (file integrity, ETags, cache keys).
Is it safe to hash sensitive data here?
Hashing runs entirely in your browser using JavaScript and the Web Crypto API. No text is sent to any server. That said, if you're hashing passwords or highly sensitive credentials, be aware that browser extensions and page scripts can read input fields — only hash sensitive data in a trusted, isolated environment.
Why does the same text produce different hashes with different algorithms?
Each algorithm is a different mathematical function with different output lengths. MD5 always produces 128 bits (32 hex characters), SHA-1 produces 160 bits (40 chars), SHA-256 produces 256 bits (64 chars), and SHA-512 produces 512 bits (128 chars). The same input will always produce the same output for a given algorithm, but different algorithms produce different outputs by design.
What is a hash used for?
Hashes have three main uses. Integrity verification — compare the hash of a downloaded file against the publisher's known hash to confirm it wasn't modified in transit. Password storage — store the hash of a password (with a salt) rather than the password itself, so a database leak doesn't expose plaintext passwords. Deduplication and caching — hash file contents to detect duplicates, or hash request parameters to generate cache keys. For password storage, use purpose-built functions (bcrypt, Argon2, scrypt) rather than general-purpose hashes.