Generate MD5, SHA1, SHA256, SHA384, SHA512 hashes from text
A cryptographic hash function maps arbitrary-length input to a fixed-length output (the "digest") in a way that is fast to compute forward and computationally infeasible to reverse. The standard algorithms have different output sizes: MD5 produces 128 bits (32 hex chars), SHA-1 produces 160 bits (40 hex chars), SHA-256 produces 256 bits (64 hex chars), SHA-384 produces 384 bits, and SHA-512 produces 512 bits. Size is not the same thing as security: MD5 is 128 bits but was cryptographically broken in the 2000s, while BLAKE2b at the same 128-bit output remains secure. Two security properties matter for different applications. Preimage resistance means that given a hash output, you cannot feasibly find any input that produces it, this is what protects hashed passwords from being trivially reversed. Collision resistance means that you cannot feasibly find two different inputs that produce the same output, this is what protects file integrity checks, because it ensures an attacker cannot craft a malicious file with the same hash as a legitimate one. MD5 is broken for collision resistance (researchers have generated arbitrary MD5 collisions since 2008) but not yet broken for preimage resistance, which is why MD5 is still sometimes used for non-security checksums but should never be used where an attacker might benefit from constructing collisions. SHA-1 is broken for collision resistance as of 2017 (the SHAttered attack produced two PDFs with identical SHA-1). SHA-256 and SHA-3 family are currently unbroken for both properties.
Initializing in your browser…
You downloaded a file and the project lists a SHA-256 to verify it was not tampered with in transit.
Input text
hello
Digests
MD5: 5d41402abc4b2a76b9719d911017c592 SHA-1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
A cryptographic hash maps any input to a fixed-length fingerprint where one changed bit yields a completely different digest, so matching the published SHA-256 means the bytes are intact. MD5 and SHA-1 are shown for legacy checksum compatibility only, they are broken for security use, which the tool notes.
A cryptographic hash function maps arbitrary-length input to a fixed-length output (the "digest") in a way that is fast to compute forward and computationally infeasible to reverse. The standard algorithms have different output sizes: MD5 produces 128 bits (32 hex chars), SHA-1 produces 160 bits (40 hex chars), SHA-256 produces 256 bits (64 hex chars), SHA-384 produces 384 bits, and SHA-512 produces 512 bits. Size is not the same thing as security: MD5 is 128 bits but was cryptographically broken in the 2000s, while BLAKE2b at the same 128-bit output remains secure. Two security properties matter for different applications. Preimage resistance means that given a hash output, you cannot feasibly find any input that produces it, this is what protects hashed passwords from being trivially reversed. Collision resistance means that you cannot feasibly find two different inputs that produce the same output, this is what protects file integrity checks, because it ensures an attacker cannot craft a malicious file with the same hash as a legitimate one. MD5 is broken for collision resistance (researchers have generated arbitrary MD5 collisions since 2008) but not yet broken for preimage resistance, which is why MD5 is still sometimes used for non-security checksums but should never be used where an attacker might benefit from constructing collisions. SHA-1 is broken for collision resistance as of 2017 (the SHAttered attack produced two PDFs with identical SHA-1). SHA-256 and SHA-3 family are currently unbroken for both properties.
Compare the hash of a downloaded file against the publisher's checksum to confirm it has not been tampered with.
See what a hashed password looks like. (In production, always use a purpose-built algorithm like bcrypt or Argon2.)
Hash files or text blocks to quickly identify duplicates without comparing the full content.
The right hash function depends on the application. For file integrity checks where you control both ends (you hash a file, store the hash, later verify it has not been corrupted), any hash function works, even MD5 is fine when the threat is random corruption rather than adversarial tampering. For content-addressed storage (deduplication by hash, git object IDs before its SHA-256 transition), SHA-256 or BLAKE2 is the modern default. For digital signatures and code signing, SHA-256 or SHA-384 is the standard; SHA-1 was phased out between 2016 and 2020. For HMAC (message authentication codes), SHA-256 is fine and is what most protocols use.
For password hashing, general-purpose hash functions are the wrong choice entirely. SHA-256 can be computed billions of times per second on a GPU, which means an attacker with a stolen password database can try billions of guesses per second against each hash. Proper password hashing uses deliberately slow functions with tunable cost parameters: bcrypt (default since 1999), scrypt (memory-hard), and Argon2 (the winner of the 2015 Password Hashing Competition, currently the recommended default) are the three mainstream choices. These functions take 100-1000 milliseconds per hash by design, which slows an attacker to thousands of guesses per second rather than billions. This tool produces general-purpose hashes; do not use its SHA-256 output as your production password hash unless you apply proper salt and KDF on top.
The Web Crypto API (which this tool uses via window.crypto.subtle.digest) supports SHA-1, SHA-256, SHA-384, and SHA-512 natively in all modern browsers. MD5 is not in Web Crypto because it is no longer recommended for new systems; this tool includes MD5 via a JavaScript implementation for compatibility with legacy systems that still use it. Output is always formatted as lowercase hexadecimal because that is the de facto standard representation (an uppercase-hex hash of the same input is the "same hash" as far as byte comparison goes, but verification tools that do literal string comparison will reject it).
MD5 is fine for non-security purposes like checksums and deduplication. For security-sensitive applications, use SHA-256 or stronger.
No. Cryptographic hashes are one-way functions. You cannot derive the input from the output.
Usually a character encoding difference. Ensure both tools use the same encoding (typically UTF-8) and that there are no hidden whitespace or newline differences.
Conversions run on your device in JavaScript. The values you enter are never sent over the network.