Hash Generator

Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text or files β€” instantly, entirely in your browser.

Runs entirely in your browser β€” your input is never uploaded.
0 chars Β· 0 bytes
Algorithms

Results

MD5⚠ Not for passwords
β€”
SHA-1⚠ Not for passwords
β€”
SHA-256
β€”
SHA-384
β€”
SHA-512
β€”
How does this tool work?
SHA-1, SHA-256, SHA-384, and SHA-512 use the native Web Crypto API in your browser when available. MD5 (and the streaming hashers used for files) run as pure JavaScript implementations. Nothing is uploaded β€” every byte stays on your device.

Compute a hash in 3 steps

  1. Enter your input

    Type or paste text, or switch to File mode and drop a file.

  2. View all hashes instantly

    MD5, SHA-1, SHA-256, SHA-384, and SHA-512 are computed in parallel and shown side by side.

  3. Copy or compare

    Copy any hash with one click, or paste an expected checksum to verify a match.

Verify a downloaded file's checksum

Download pages often list a SHA-256 checksum next to the file link. To confirm your download wasn't corrupted or tampered with:

  1. Switch to File mode above and drop the downloaded file.
  2. Paste the expected checksum into the Verify field.
  3. If the hashes match, you will see a green βœ“ Matches result.

Verify it yourself

Compare our output with your terminal to confirm correctness:

# SHA-256 of "hello world" (no trailing newline)
printf '%s' "hello world" | sha256sum
# b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

# Using OpenSSL
printf '%s' "hello world" | openssl dgst -sha256

# MD5 of empty string
printf '' | md5sum
# d41d8cd98f00b204e9800998ecf8427e

How to Use This Tool

  • Use SHA-256 or stronger when verifying authenticity β€” MD5 and SHA-1 are fine for casual integrity checks but should not be trusted against an adversary.
  • For very large files, prefer File mode: chunks are streamed through the hasher in O(chunk) memory, not buffered in full.
  • Watch out for trailing newlines: typing "hello" in this tool hashes 5 bytes, while echo "hello" on a terminal hashes 6 (it adds a \n). Use printf '%s' to match.
  • Pick the right encoding: UTF-8 covers most natural text, while Hex / Base64 / Raw bytes are useful when you need to hash binary content typed as a string.
  • Use the Verify field to compare against a published checksum β€” it accepts hex, Base64, and Base64URL.

Frequently Asked Questions

What is a hash and what is it used for?

A cryptographic hash is a fixed-length fingerprint of arbitrary data. It is used to verify file integrity (confirming a download wasn't corrupted), detect duplicates, create unique identifiers, and check data consistency. Even a tiny change in the input produces a completely different hash.

What's the difference between MD5, SHA-1, SHA-256, and SHA-512?

They differ in digest length and security. MD5 (128-bit) and SHA-1 (160-bit) are fast but have known collision vulnerabilities β€” fine for non-security checksums, not for cryptographic security. SHA-256 (256-bit) and SHA-512 (512-bit) are part of the SHA-2 family and are widely trusted for security-critical applications. SHA-384 is a truncated variant of SHA-512.

Is MD5 still safe to use?

For simple integrity checks (verifying a file transfer was not corrupted) MD5 is still commonly used. However, it is cryptographically broken β€” collisions can be manufactured. Never use MD5 to verify authenticity against an adversary, and never use it for password hashing. Use SHA-256 or stronger for security-sensitive tasks, and bcrypt or Argon2 for passwords.

Why is my hash different from sha256sum on the command line?

The most common cause is a trailing newline. echo "text" appends a \n, while this tool hashes exactly what you type. Use printf '%s' "text" | sha256sum to get matching results. Also check your input encoding β€” this tool defaults to UTF-8.

Does this tool upload my file or text anywhere?

No. All computation happens in your browser using the Web Crypto API and a client-side hashing library. Your input never leaves your device. You can verify this by opening your browser's Network tab β€” you'll see zero requests carrying your data.

How do I verify a downloaded file's checksum?

Switch to File mode, drop or select your downloaded file, then paste the expected checksum from the download page into the Verify field. If they match, you will see a green checkmark. This works for MD5, SHA-1, SHA-256, SHA-384, and SHA-512 checksums.

Can I use this to hash passwords?

No. MD5, SHA-1, and SHA-2 are too fast for password hashing β€” attackers can try billions of guesses per second. Use a dedicated password hashing algorithm like bcrypt or Argon2, which are intentionally slow and include salting.

Why is the SHA-256 of an empty string e3b0c44…?

SHA-256 of zero bytes is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855. This is the algorithm processing its initial state with an empty message β€” a well-known constant you can use to verify any SHA-256 implementation.

Can I hash a very large file in the browser?

Yes. This tool streams the file in small chunks and feeds each chunk to all selected hash algorithms in a single pass, so it never holds the whole file in memory. Files over 500 MB show a notice, but there is no hard limit β€” your browser's available memory is the only constraint.