Hash Generator

Generate SHA-256, SHA-384, SHA-512, and SHA-1 hashes from any text. 100% browser-based, no data sent.

Free to use. Runs in your browser.

Enter text to generate its cryptographic hash using SHA-256, SHA-384, SHA-512, or SHA-1.

Input Text

0 characters

What Is a Hash and Why Does It Matter?

A hash function takes any input, a password, a file, an entire database, and produces a fixed-length string of characters. The same input always produces the same hash. Change even one character, and the output changes completely. It's a digital fingerprint.

Think of it like a blender: you can turn a banana into a smoothie, but you can't turn the smoothie back into a banana. That one-way property is what makes hashes useful for security. You can verify that someone knows a password without ever storing the password itself.

Hashes are everywhere in software: password storage, file integrity checks, digital signatures, blockchain, caching, and data deduplication. If you're building anything that touches security or data integrity, you'll encounter hash functions daily.

Hash Algorithm Comparison

Algorithm	Output Size	Security	Use Case
MD5	128 bits (32 hex)	Broken, collisions found	Checksums only, never for security
SHA-1	160 bits (40 hex)	Broken, collision demonstrated in 2017	Legacy systems, Git (moving away)
SHA-256	256 bits (64 hex)	Secure, no known vulnerabilities	Digital signatures, certificates, blockchain
SHA-384	384 bits (96 hex)	Secure	TLS certificates, high-security applications
SHA-512	512 bits (128 hex)	Secure	File integrity, digital signatures
bcrypt	184 bits	Secure + slow (by design)	Password hashing (preferred)

What this means for you: Use SHA-256 for general-purpose hashing and integrity checks. For passwords, use bcrypt, scrypt, or Argon2, they're deliberately slow to resist brute-force attacks. Never use MD5 or SHA-1 for anything security-related.

Hash Properties That Matter

Property	What It Means	Why It Matters
Deterministic	Same input always produces same output	You can verify data hasn't changed
Fixed output size	Any input produces the same length hash	Consistent storage and comparison
Avalanche effect	Tiny input change = completely different hash	Can't guess the input from a similar one
Pre-image resistant	Can't reverse the hash to find the input	Passwords stay protected
Collision resistant	Extremely hard to find two inputs with the same hash	Each "fingerprint" is effectively unique

Common Hash Use Cases

Password storage

Never store passwords in plain text. Hash them with bcrypt/Argon2 + a unique salt per user. When a user logs in, hash their input and compare. If the database leaks, attackers only get hashes.

File integrity verification

Download a file and its SHA-256 hash separately. Hash the downloaded file locally and compare. If they match, the file wasn't corrupted or tampered with during transfer.

Content-based caching

Hash the content of a file and use that hash in the filename (style.a1b2c3.css). When content changes, the hash changes, breaking the cache. When it doesn't change, the cache persists.

Data deduplication

Hash each file or data chunk. If two hashes match, the data is (almost certainly) identical. This is how backup systems and cloud storage avoid storing duplicate copies.

Why Salting Matters for Passwords

Without a salt, identical passwords produce identical hashes. If two users both choose "password123", their hashes are the same, an attacker who cracks one has cracked both. Pre-computed tables (rainbow tables) contain millions of common password hashes, making unsalted hashes trivial to reverse.

A salt is a unique random string added to each password before hashing. "password123" + "x7Kf9" and "password123" + "mP2qR" produce completely different hashes. Even identical passwords end up with unique hashes. This is why bcrypt and Argon2 automatically generate and store a unique salt per user, you don't have to manage it yourself.

Related Tools

Password Generator

Generate secure random passwords

Base64 Encoder/Decoder

Encode and decode Base64 strings

JWT Decoder

Decode JSON Web Tokens

UUID Generator

Generate unique identifiers

Binary Text Converter

Convert between binary and text

URL Encoder/Decoder

Encode special characters for URLs

How to use this tool

Enter or paste text into the input field

Click Generate Hashes to compute all algorithms at once

Copy any individual hash value to your clipboard

Common uses

Generating file checksums for integrity verification
Creating content hashes for cache busting
Comparing SHA-256 digests for downloaded files
Computing hashes for API authentication signatures

Share this tool

Frequently Asked Questions

What hash algorithms are supported?

SHA-1, SHA-256, SHA-384, and SHA-512. All use the Web Crypto API built into your browser, the same cryptographic engine used by HTTPS and TLS.

Is my data sent anywhere?

No. All hashing happens locally in your browser using the native Web Crypto API. Your text never leaves your device. Check your browser's network tab if you want proof.

What is a cryptographic hash?

A hash function takes any input and produces a fixed-length string. It's one-way (can't be reversed), deterministic (same input always gives same output), and avalanche-sensitive (change one character, the entire hash changes). It's a digital fingerprint.

Which algorithm should I use?

SHA-256 for general purpose hashing, it's the industry standard for integrity checks, digital signatures, and blockchain. SHA-512 for higher security requirements. Never use SHA-1 for security-critical applications, it has known collision vulnerabilities.

Is MD5 supported?

No. MD5 has known collision attacks since 2004. It's cryptographically broken and should not be used for any security purpose. We only offer SHA-family algorithms that remain secure.

Can I reverse a hash to get the original text?

No, that's the whole point. Hash functions are one-way. You can't mathematically reverse SHA-256 to recover the input. Attackers use rainbow tables (precomputed hash databases) or brute force, which is why passwords should use bcrypt/Argon2 with salts, not plain SHA-256.

What's the difference between hashing and encryption?

Encryption is two-way: encrypt with a key, decrypt with a key. Hashing is one-way: there's no key and no way back. Encryption protects data in transit. Hashing verifies integrity and stores passwords.

How do I verify a file's integrity with a hash?

Hash the file and compare the output to the published hash. If they match, the file hasn't been tampered with. Many software downloads publish SHA-256 checksums for this purpose.

Why does SHA-256 always produce 64 characters?

SHA-256 produces a 256-bit (32-byte) hash. Each byte is displayed as two hexadecimal characters (0-9, a-f), giving 64 hex characters. SHA-512 produces 128 hex characters for the same reason.

Should I use SHA-256 for password storage?

No. SHA-256 is too fast, attackers can try billions of guesses per second. Use bcrypt, scrypt, or Argon2 instead. These algorithms are deliberately slow (tunable cost factor) and include automatic salting, making brute-force attacks impractical.

What is a salt in hashing?

A salt is random data added to the input before hashing. It ensures identical passwords produce different hashes, preventing rainbow table attacks. Each user should have a unique salt. bcrypt generates salts automatically.

How are hashes used in blockchain?

Bitcoin and other blockchains use SHA-256 to link blocks together. Each block contains the hash of the previous block, creating a chain. Changing any block changes all subsequent hashes, making tampering detectable.

Results are for general informational purposes only and should be checked before use. They are not professional advice. See our Disclaimer and Terms of Service.