Hash Generator

Reserved · Sponsored728 × 90 · zero layout shift

What this tool does

Paste or type any text and see its MD5, SHA-1, and SHA-256 digests computed side by side. SHA-1 and SHA-256 run through the browser's native Web Crypto API for fast, standards-compliant hashing; MD5 — which Web Crypto deliberately omits because it's cryptographically broken — is computed with a small dedicated library. All three digests update live as you type, and each one has its own copy button so you can grab exactly the hash you need without hand-selecting hex text.

How to use

  1. 1
    Enter your text

    Type or paste the string you want to hash into the input panel. Whitespace and casing matter — hashes are byte-exact.

  2. 2
    Read the digests

    MD5, SHA-1, and SHA-256 hex digests appear automatically below, recalculated on every keystroke.

  3. 3
    Copy the hash you need

    Click the Copy button next to any algorithm to put that specific hex digest on your clipboard.

  4. 4
    Verify against a known value

    Paste a hash you already have (from a file checksum, API doc, or commit) next to the input's algorithm and compare it visually against the generated digest.

Use cases

  • Verify file or download integrity

    Compare a published SHA-256 checksum against a hash you compute from the same content to confirm nothing was corrupted or tampered with.

  • Generate cache or dedupe keys

    Hash a request payload or content string to produce a stable, fixed-length key for caching, deduplication, or database indexing.

  • Sanity-check legacy MD5 checksums

    Confirm an MD5 value referenced in old documentation or a legacy system still matches the current content, without spinning up a script.

  • Explore how hashing works

    Change a single character in the input and watch all three digests change completely, to build intuition for hash avalanche behavior while learning cryptography basics.

FAQ

Is MD5 or SHA-1 safe to use for security?+

No. Both MD5 and SHA-1 have known practical collision attacks and are considered cryptographically broken for security purposes — do not use them for password storage, signatures, or integrity guarantees against a motivated attacker. They're included here for legacy compatibility checks, checksums, and non-adversarial use cases like cache keys.

Which hash should I use for password storage?+

None of these. Password hashing needs a purpose-built, slow, salted algorithm like bcrypt, scrypt, or Argon2 — general-purpose hashes like MD5, SHA-1, and even SHA-256 are far too fast and make brute-forcing feasible. This tool is for checksums and general-purpose hashing, not credential storage.

Why does SHA-256 run through Web Crypto but MD5 doesn't?+

The browser's native Web Crypto API (crypto.subtle.digest) supports SHA-1 and SHA-256 but intentionally does not implement MD5, since it is deprecated for cryptographic use. This tool uses a small, well-tested MD5 library just for that algorithm while relying on the native, audited implementation for SHA-1/SHA-256.

Does my text get uploaded anywhere?+

No. Every hash is computed locally in your browser. Nothing you type is sent to a server, logged, or stored — closing the tab clears everything.

Why do trailing spaces or line endings change the hash?+

Hash functions operate on the exact bytes of input. A single trailing space, an extra newline, or CRLF vs LF line endings all change the byte sequence and therefore produce a completely different digest — this is expected and by design.

Related tools