Hash Generator

This hash generator creates MD5, SHA-1, SHA-256, and SHA-512 hashes from any text instantly. All computed in your browser.

A hash generator converts any text into a fixed-length digest using a one-way mathematical function. This tool computes four widely used digests side by side as you type - MD5, SHA-1, SHA-256, and SHA-512 - all within your browser. SHA-family hashes run on the native Web Crypto API specified in W3C SubtleCrypto.digest(), while MD5 uses a local JavaScript implementation because browsers do not ship MD5 in the Web Crypto standard.

Ad
Ad

About Hash Generator

How Does a Hash Function Work?

A hash function is a deterministic one-way map from arbitrary input bytes to a fixed-length digest. The same input always produces the same output, but changing a single bit of input flips roughly half the output bits (the avalanche effect). You cannot reverse a digest to recover the original input.

Worked example: hashing the three-character string cat with SHA-256 produces 77af778b51abd4a3c51c5ddd97204a9c3ae614ebccb75a606c3b6865aed6744e. Change one letter to bat and the digest becomes a3c7a58e0a224b3cf45d52f9f9b8e2ddb08d8efac51dbd6bb1eb41c1c3d14ed9 - completely different, but still exactly 64 hex characters. Change it to cat with a trailing space and the digest changes again. That is the avalanche effect in action.

PropertyWhat It MeansWhy It Matters
DeterministicSame input always produces the same hashEnables verification - hash the file again and compare
Fixed-length outputRegardless of input size, the hash is always the same lengthPredictable storage, easy comparison
Avalanche effectChanging one bit of input changes ~50% of the output bitsPrevents guessing the input from the hash
One-way (pre-image resistant)Cannot reverse the hash to recover the original inputProtects passwords and sensitive data
Collision resistantHard to find two different inputs producing the same hashEnables use as unique identifiers

Supported Algorithms

AlgorithmOutput LengthHex CharactersSecurity StatusCommon Use
MD5 (RFC 1321)128 bits32Broken - chosen-prefix collisions since 2007Legacy checksums, non-security file verification
SHA-1 (FIPS 180-4)160 bits40Broken - first public collision Feb 2017Git object hashes (legacy), old certificate chains
SHA-256 (FIPS 180-4)256 bits64Secure - NIST-approvedTLS, code signing, blockchain, content-addressing
SHA-512 (FIPS 180-4)512 bits128Secure - NIST-approvedHigh-security applications, 64-bit performance

The SHA-2 family (SHA-256 and SHA-512) was published by NIST in FIPS 180-2 in 2002 and remains the default recommendation for new systems. SHA-3 (FIPS 202, 2015) is based on the Keccak sponge construction and is available alongside SHA-2, not as a replacement.

How Have MD5 and SHA-1 Been Broken?

Both algorithms are considered cryptographically broken because researchers can produce two different inputs that hash to the same digest in a feasible amount of computing time.

MD5. Xiaoyun Wang and Hongbo Yu demonstrated the first public MD5 collision at the CRYPTO 2004 rump session. By 2007 Marc Stevens, Arjen Lenstra, and Benne de Weger had produced chosen-prefix collisions with around 2^50 MD5 compressions, later reduced to roughly 2^39 in 2009 - about a day on a commodity quad-core. In 2008 a research team used the technique to forge a rogue X.509 certificate signed by a real commercial CA, demonstrating that MD5 was unsafe for any signature context.

SHA-1. On 23 February 2017 Google and CWI Amsterdam published SHAttered, the first public SHA-1 collision: two PDF files with identical SHA-1 hashes but different content. The attack used roughly 2^63.1 SHA-1 compressions - about 6,500 CPU years and 110 GPU years, bought on cloud hardware for around $110,000. In 2019 Gaetan Leurent and Thomas Peyrin published a chosen-prefix SHA-1 collision (SHA-1 is a Shambles) for roughly $45,000, putting signature forgery in reach of resourced attackers. Shortly after, NIST formally deprecated SHA-1 in SP 800-131A and announced a full retirement date of 31 December 2030.

Which Hash Should You Use?

PurposeUseDo Not Use
Password hashingbcrypt, scrypt, or Argon2id (OWASP 2026)MD5, SHA-1, or unsalted SHA-256
Digital signatures and code signingSHA-256 or SHA-512MD5, SHA-1
TLS certificatesSHA-256 (minimum, per CA/Browser Forum Baseline Requirements)SHA-1 (disallowed in public certs since 2017)
File integrity checksums (non-adversarial)SHA-256 - MD5 still common on mirrors but no longer recommendedN/A
HMAC authenticationHMAC-SHA-256 or HMAC-SHA-512HMAC-MD5 for new designs
Fast cache keys, deduplicationSHA-256, or MD5/xxHash if collisions are acceptableN/A

Raw SHA-256 is not suitable for password storage because it is fast - a modern GPU can compute billions of SHA-256 hashes per second, which makes brute-force and dictionary attacks cheap. Use a deliberately slow password hash such as bcrypt (our Bcrypt Generator) or Argon2id. For keyed message authentication use the HMAC Generator, which combines a secret with a hash function in the construction defined by RFC 2104.

How Do Real Systems Use Hashes?

SystemHashNotes
Git (default repositories)SHA-1Still SHA-1 by default in Git 2.51 (Aug 2025); SHA-256 object format graduated from experimental in Git 2.42 (2023); interop and tooling work is ongoing toward Git 3.0.
BitcoinDouble SHA-256Block headers are hashed as SHA-256(SHA-256(header)); addresses use RIPEMD-160 over SHA-256.
EthereumKeccak-256Pre-standardised variant of SHA-3, used for contract addresses, transaction hashes, and Merkle tries.
TLS 1.3 certificatesSHA-256 / SHA-384CA/Browser Forum disallows SHA-1 in publicly trusted certificates.
Linux package managersSHA-256 / SHA-512Debian, Fedora, Arch all publish SHA-256 (and often SHA-512) digests in repository metadata.
AWS S3 / object storage ETagsMD5 (single-part) / custom (multipart)MD5 is used only as an integrity check against accidental corruption, not as a security primitive.
HMAC in JWT (HS256)HMAC-SHA-256Shared-secret signing of JSON Web Tokens; see the JWT Decoder.

How Long Is a Brute-Force Pre-Image Attack?

For a secure n-bit hash, finding a pre-image (an input that hashes to a target digest) requires on average 2^(n-1) hash computations, and finding any collision requires about 2^(n/2) by the birthday bound. The table below shows the search space in practical terms and why a 128-bit security level is the modern floor for new systems.

Hash sizePre-image workBirthday collision workPractical status
MD5 (128-bit)2^1272^64Collisions broken in practice; pre-image still 2^123.4 in best published attack
SHA-1 (160-bit)2^1592^80 (theory) / 2^63.1 (SHAttered)Collisions broken; forgery demonstrated
SHA-256 (256-bit)2^2552^128No known weaknesses; considered secure for decades
SHA-512 (512-bit)2^5112^256No known weaknesses; slightly faster than SHA-256 on 64-bit CPUs

The birthday numbers matter because collision resistance - not pre-image resistance - is what protects signatures and Git commit identifiers. That is why MD5 and SHA-1 are unsafe for signing even though pre-image attacks on them are still infeasible.

Hash Output Formats and Encodings

This tool prints digests in hexadecimal - each byte becomes two characters from 0-9a-f. Hex is the convention used by Git, npm integrity fields (after decoding from base64), sha256sum, and most checksum files. Toggle to uppercase if a legacy tool or mainframe system expects it. Other common encodings you may encounter include Base64 (shorter, used in Subresource Integrity headers - sha256-... values are base64-encoded) and binary (used internally by protocols). If you need to encode rather than hash, use the Base64 Encoder/Decoder.

How Is the Input Bytes Processed Before Hashing?

This tool treats the text box as a UTF-8 byte sequence before hashing. A single emoji like the grinning face U+1F600 encodes to four bytes (F0 9F 98 80), so its SHA-256 is the digest of those four bytes, not of a 16-bit JavaScript code unit. That matches how almost every modern system hashes text: sha256sum on Linux, Node's crypto.createHash, Python's hashlib, and Git's internal hash-object all hash raw bytes, and default to UTF-8 when given strings.

Why the encoding choice matters: hashing the same visible characters under different encodings produces different digests. The string naïve in UTF-8 (7 bytes) and in Latin-1 (5 bytes) are different byte sequences and therefore have different SHA-256 values. If you need to compare a hash computed by another tool, check that the other tool also uses UTF-8 and does not add or strip a byte order mark or trailing newline. The classic gotcha is running echo "hello" | sha256sum on Linux, which hashes hello\n (six bytes) - not the five bytes you probably meant. Use printf '%s' "hello" | sha256sum for byte-exact input.

For binary files you rarely need a browser tool - sha256sum filename, PowerShell's Get-FileHash, or macOS shasum -a 256 filename will hash the raw file bytes directly with no encoding guesswork.

Common Mistakes with Hashes

Treating a hash as if it were encryption is the most common mistake. Hashes are one-way - there is no key and no decryption function. Storing a password as sha256(password) is only marginally better than storing it in plain text because precomputed "rainbow" tables cover most common passwords in seconds. Another recurring mistake is comparing hashes with a non-constant-time equality operator in security code, which can leak information through timing side channels - use a library like Node's crypto.timingSafeEqual or Python's hmac.compare_digest. A third is assuming that two files with identical MD5s are the same file: since 2008 any adversary can construct MD5 collisions cheaply, so MD5 is only valid as an accidental-corruption check. Finally, remember that hashing the same text twice in different tools can produce different results if one tool is silently normalising line endings, trimming whitespace, or adding a newline - always compare byte-for-byte.

Sources

Frequently Asked Questions

What is a hash function?

A hash function takes an input of any size and produces a fixed-length string of characters called a digest. The same input always produces the same output, but even a tiny change to the input produces a completely different hash. Hash functions are one-way, meaning you cannot reverse a hash to recover the original input.

Which hash algorithm should I use?

For security-sensitive applications like password storage or digital signatures, use SHA-256 or SHA-512. MD5 and SHA-1 are considered cryptographically broken and should only be used for non-security purposes such as checksums or cache keys.

Is my data sent to a server for hashing?

No. All hashing is performed entirely in your browser using the Web Crypto API and a local MD5 implementation. Your text never leaves your device.

Why do different algorithms produce different length outputs?

Each algorithm is designed to output a specific number of bits. MD5 produces 128 bits (32 hex characters), SHA-1 produces 160 bits (40 hex characters), SHA-256 produces 256 bits (64 hex characters), and SHA-512 produces 512 bits (128 hex characters).

Link to this tool

Copy this HTML to link to this tool from your website or blog.

<a href="https://toolboxkit.io/tools/hash-generator/" title="Hash Generator - Free Online Tool">Try Hash Generator on ToolboxKit.io</a>