Paste or type any text and see its MD5, SHA-1, and SHA-256 digests computed side by side. SHA-1 and SHA-256 run through the browser's native Web Crypto API for fast, standards-compliant hashing; MD5 — which Web Crypto deliberately omits because it's cryptographically broken — is computed with a small dedicated library. All three digests update live as you type, and each one has its own copy button so you can grab exactly the hash you need without hand-selecting hex text.
Type or paste the string you want to hash into the input panel. Whitespace and casing matter — hashes are byte-exact.
MD5, SHA-1, and SHA-256 hex digests appear automatically below, recalculated on every keystroke.
Click the Copy button next to any algorithm to put that specific hex digest on your clipboard.
Paste a hash you already have (from a file checksum, API doc, or commit) next to the input's algorithm and compare it visually against the generated digest.
Compare a published SHA-256 checksum against a hash you compute from the same content to confirm nothing was corrupted or tampered with.
Hash a request payload or content string to produce a stable, fixed-length key for caching, deduplication, or database indexing.
Confirm an MD5 value referenced in old documentation or a legacy system still matches the current content, without spinning up a script.
Change a single character in the input and watch all three digests change completely, to build intuition for hash avalanche behavior while learning cryptography basics.
No. Both MD5 and SHA-1 have known practical collision attacks and are considered cryptographically broken for security purposes — do not use them for password storage, signatures, or integrity guarantees against a motivated attacker. They're included here for legacy compatibility checks, checksums, and non-adversarial use cases like cache keys.
None of these. Password hashing needs a purpose-built, slow, salted algorithm like bcrypt, scrypt, or Argon2 — general-purpose hashes like MD5, SHA-1, and even SHA-256 are far too fast and make brute-forcing feasible. This tool is for checksums and general-purpose hashing, not credential storage.
The browser's native Web Crypto API (crypto.subtle.digest) supports SHA-1 and SHA-256 but intentionally does not implement MD5, since it is deprecated for cryptographic use. This tool uses a small, well-tested MD5 library just for that algorithm while relying on the native, audited implementation for SHA-1/SHA-256.
No. Every hash is computed locally in your browser. Nothing you type is sent to a server, logged, or stored — closing the tab clears everything.
Hash functions operate on the exact bytes of input. A single trailing space, an extra newline, or CRLF vs LF line endings all change the byte sequence and therefore produce a completely different digest — this is expected and by design.
———