Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text instantly.

5 algorithms Real-time Free Runs in browser

Input text

Ready — type to generate hashes

MD5—

SHA-1—

SHA-256—

SHA-384—

SHA-512—

Hash algorithm guide

MD5 (128-bit)

Fast but cryptographically broken — do not use for security. Still used for checksums, file integrity checks, and non-security deduplication. Produces a 32-character hex string.

SHA-1 (160-bit)

Deprecated for security purposes since 2017. Still used in Git commit hashes and some legacy systems. Not recommended for new systems. 40-character hex output.

SHA-256 (256-bit)

The current standard for secure hashing. Used in TLS certificates, Bitcoin, code signing, and password hashing (via bcrypt/Argon2 wrappers). 64-character hex output.

SHA-512 (512-bit)

Stronger than SHA-256, faster on 64-bit hardware. Used for high-security applications. Produces a 128-character hex string. Part of the SHA-2 family.

Cryptographic Hash Functions — MD5, SHA-256, and When to Use Each

A hash function takes any input — a word, a file, a database record — and produces a fixed-size fingerprint called a hash or digest. The same input always produces the same hash. Change even one character and the entire hash changes completely. This one-way, deterministic property makes hashes fundamental to security, data integrity, and computer science.

The hash algorithms compared

MD5 produces 128-bit hashes (32 hex characters). Fast but cryptographically broken since 2004 — collisions can be found in seconds. Use only for checksums and deduplication, never security. SHA-1 produces 160-bit hashes and was deprecated for security use in 2017. SHA-256 (part of SHA-2) produces 256-bit hashes and is the current security standard — used in TLS, code signing, Bitcoin, and password hashing schemes. SHA-512 provides extra margin with 512-bit output.

Hashing passwords — what not to do

Never use MD5, SHA-1, or even SHA-256 directly to hash passwords. These are fast algorithms — attackers can compute billions per second on GPUs. For passwords, use purpose-built slow functions: bcrypt, Argon2id, or scrypt. These include a cost factor that makes brute force attacks take years instead of seconds. The difference between SHA-256 and bcrypt for password storage is the difference between vulnerable and secure.

Verifying file integrity

Download a file, compute its SHA-256 hash, compare it to the hash published by the author. If they match, the file is unmodified. If they differ, the file was corrupted or tampered with during download. This is how software publishers distribute checksums alongside their downloads, and why package managers like npm and pip verify hashes before installing.

Frequently asked questions

What is a hash function?

A hash function takes any input and produces a fixed-size output called a hash or digest. The same input always produces the same hash, but it's computationally infeasible to reverse the process (find the input from the hash). This makes hashes useful for integrity verification and password storage.

What is MD5 used for?

MD5 is no longer secure for cryptographic use — collisions can be found in seconds. It's still widely used for non-security purposes: file checksums (verifying a download isn't corrupted), cache keys, generating unique identifiers, and deduplicating data.

Should I use SHA-256 or SHA-512?

Both are secure. SHA-256 is more widely used and sufficient for most applications. SHA-512 is faster on 64-bit hardware and produces a longer hash — use it when extra security margin is needed or for high-value data. Both are part of the SHA-2 family.

Can I use SHA-256 to hash passwords?

Not directly. Raw SHA-256 is too fast — attackers can compute billions of hashes per second on GPUs. For passwords, use a slow adaptive function like bcrypt, Argon2id, or scrypt. These add a cost factor that makes brute-force attacks impractical even with SHA-256 underneath.

What is the difference between a hash and encryption?

Encryption is reversible — you can decrypt with the right key. Hashing is one-way — you cannot get the original data back from a hash. Encryption is for confidentiality; hashing is for integrity and verification.

Is my text safe to hash here?

Yes. All hashing happens locally in your browser using the Web Crypto API. No data is ever sent to any server. That said, avoid hashing highly sensitive production secrets in any online tool as a general best practice.