Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text. All processing runs in your browser.
A cryptographic hash function converts input of any length into a fixed-length string of characters. The same input always produces the same hash, but even a tiny change in input completely changes the output. Hashes are used for password storage, file integrity verification, digital signatures, and generating unique identifiers. This tool generates MD5, SHA-1, SHA-256, and SHA-512 hashes simultaneously from any text you enter.
MD5 produces a 128-bit (32-character hexadecimal) hash. It was widely used historically but is now broken for cryptographic purposes — researchers have demonstrated practical collision attacks. MD5 is still acceptable for non-security uses like file checksums, cache keys, and deduplication. Don't use MD5 for password hashing or digital signatures.
SHA-1 produces a 160-bit (40-character hexadecimal) hash. It was deprecated by NIST in 2017 for security purposes after collision attacks became practical. However, SHA-1 is still widely used in legacy systems and Git commit identifiers. For new applications requiring security, use SHA-256 instead.
SHA-256 produces a 256-bit (64-character hexadecimal) hash and is the current industry standard for cryptographic hashing. It's used in Bitcoin, TLS certificates, code signing, and most modern security protocols. This tool computes SHA-256 using the Web Crypto API (crypto.subtle.digest), the standardized cryptographically secure browser implementation.
SHA-512 produces a 512-bit (128-character hexadecimal) hash. It offers stronger collision resistance than SHA-256 and is preferred for long-lived digital signatures and applications where future quantum or computational advances are a concern. Like SHA-256, it's computed using the Web Crypto API for cryptographic security.
Hashes are used to verify file downloads haven't been tampered with, to store passwords securely (never in plain text — always with a salt and a slow hash like bcrypt or Argon2), to generate cache keys, to deduplicate data, to create digital signatures, and to produce unique identifiers for content-addressed storage systems like Git and IPFS. This tool processes everything locally in your browser, so sensitive inputs never leave your device.
For security-critical applications (digital signatures, message authentication), use SHA-256 or SHA-512. For password hashing, do not use these directly — use bcrypt, scrypt, or Argon2 with proper salting. For non-security uses like file checksums and cache keys, MD5 is still common and acceptable.
MD5 is broken for security uses — collisions can be constructed in seconds on modern hardware. Don't use MD5 for password hashing, digital signatures, or anywhere an attacker could craft malicious inputs. MD5 remains acceptable for non-security purposes: file checksums against accidental corruption, cache keys, and deduplication.
SHA-1, SHA-256, and SHA-512 are computed using your browser's Web Crypto API (crypto.subtle.digest), which is the standardized cryptographically secure implementation. MD5 is computed in pure JavaScript locally. Either way, your input never leaves your browser — nothing is sent to any server.
Hashing is one-way — you can't recover the original input from a hash. Encryption is two-way — encrypted data can be decrypted with the right key. Use hashing for password storage and integrity verification; use encryption for confidentiality.
The modern code editor for the web, built for developers who value speed and simplicity.
Download Now