</>
DevPry

Hash Generator

Client-side only

Generate MD5, SHA-1, SHA-256 and SHA-512 hashes from any text instantly. All hashing happens in your browser — nothing is sent to a server.

Input
MD5 128-bit — fast, not collision-resistant, avoid for security
SHA-1 160-bit — deprecated for security use, still common for checksums
SHA-256 256-bit — recommended for most use cases
SHA-512 512-bit — stronger, used where extra security margin is needed

What is a Cryptographic Hash?

A cryptographic hash function takes any input — a word, a file, a document — and produces a fixed-length string called a hash or digest. The same input always produces the same hash, but even a tiny change in the input produces a completely different output. This property is called the avalanche effect.

Hash functions are one-way: you cannot reverse a hash to recover the original input (without brute force). They are used to verify data integrity, store passwords securely, generate checksums, and sign digital documents.

This tool supports four algorithms: MD5 (128-bit, fast but broken for security), SHA-1 (160-bit, deprecated for security), SHA-256 (256-bit, the current standard), and SHA-512 (512-bit, stronger margin). All hashing runs in your browser — nothing is sent to a server.

How to Use This Tool

  1. Type or paste your text into the input field.
  2. All four hash values (MD5, SHA-1, SHA-256, SHA-512) update instantly as you type.
  3. Toggle uppercase if you need the hex output in capital letters.
  4. Click Copy next to any hash to copy it to your clipboard.
  5. Click Clear to reset the input and all outputs.

Common Use Cases

Verifying File Integrity

Compare the SHA-256 hash of a downloaded file against the publisher's checksum to confirm it wasn't tampered with.

Password Storage (Reference)

Understand how password hashing works — though for real passwords, use bcrypt or Argon2, not raw SHA-256.

Data Deduplication

Generate hashes to detect duplicate files or records without comparing full content.

API Request Signing

Many APIs require HMAC-SHA256 signatures — use SHA-256 as the base hash for signature generation.

Content Addressing

Generate a deterministic identifier for a piece of content — the same content always produces the same hash.

Learning Cryptography

Experiment with how small input changes produce completely different hash outputs (the avalanche effect).

Frequently Asked Questions

What is the difference between MD5, SHA-1, and SHA-256?

MD5 produces a 128-bit hash and is fast but has known collision vulnerabilities — two different inputs can produce the same hash. SHA-1 produces 160 bits and is also considered broken for security use. SHA-256 (part of the SHA-2 family) produces 256 bits and is the current standard for security applications. Use SHA-256 or SHA-512 for anything security-sensitive.

Can I reverse a hash to get the original input?

No. Hash functions are designed to be one-way. You cannot mathematically reverse a hash. However, short or common inputs can be looked up in precomputed rainbow tables. This is why passwords should be hashed with salt using bcrypt or Argon2, not raw SHA-256.

Is SHA-256 safe to use for passwords?

No. Raw SHA-256 is too fast — attackers can compute billions of hashes per second using GPUs. For passwords, use a slow, salted algorithm designed for this purpose: bcrypt, scrypt, or Argon2. These are intentionally slow and resistant to brute-force attacks.

Is MD5 still safe to use?

MD5 is safe for non-security uses like checksums and deduplication where collisions don't matter. It is not safe for digital signatures, certificates, or any use where an attacker could craft a collision. SHA-256 is a better default.

Why does the same input always produce the same hash?

Hash functions are deterministic — given the same input, they always produce the same output. This is essential for use cases like file verification and data integrity checks. If you want different outputs for the same input (e.g. for passwords), you add a random salt before hashing.