Hash Generator

// md5 · sha-1 · sha-256 · sha-384 · sha-512 · live hashing · compare hashes · nothing leaves your browser

input text
MD5 128-bit · 32 hex chars
waiting for input...
SHA-1 160-bit · 40 hex chars
waiting for input...
SHA-256 256-bit · 64 hex chars
waiting for input...
SHA-384 384-bit · 96 hex chars
waiting for input...
SHA-512 512-bit · 128 hex chars
waiting for input...
verify / compare hash

What is a hash function?

A hash function takes any input and produces a fixed-length output (the hash or digest). The same input always produces the same hash, but even a tiny change in input produces a completely different hash. Hashes are one-way — you can't reverse them to get the original input.

Which algorithm should I use?

  • SHA-256 — recommended for most use cases
  • SHA-512 — higher security, larger output
  • SHA-1 — legacy only, avoid for security
  • MD5 — checksums only, not for security

How cryptographic hash functions work

A cryptographic hash function takes an input of any size and produces a fixed-size output called a hash or digest. The same input always produces the same output, but the relationship is one-way — you cannot reconstruct the input from the hash. This property, called preimage resistance, is what makes hashes useful for security.

Hash functions also have the avalanche effect: changing even a single bit of the input produces a completely different hash. The hash of "Hello" and the hash of "hello" are utterly different. This makes hashes useful for detecting any modification to data — if the hash changes, the data changed.

Common uses: verifying file integrity (download the file, compute its SHA-256, compare to the published hash), storing passwords (never store plaintext passwords — store the salted hash), creating digital signatures, generating cache keys, and building content-addressable storage systems like Git.

Choosing the right hash algorithm

SHA-256 is the current standard for most security applications. It produces a 256-bit (32-byte) hash and has no known practical attacks. It is part of the SHA-2 family, standardized by NIST, and is used in TLS certificates, Bitcoin, and most modern security protocols.

SHA-512 produces a 512-bit hash and is stronger, though the practical security difference from SHA-256 is negligible for most applications. It can actually be faster than SHA-256 on 64-bit processors due to its internal structure.

MD5 was once the standard but is now cryptographically broken — collision attacks are practical, meaning two different inputs can be crafted to produce the same MD5 hash. Only use MD5 for non-security purposes like checksums for accidental corruption detection or legacy system compatibility.

Frequently Asked Questions

Can I reverse a hash to get the original text?+
No. Hash functions are designed to be one-way — it's computationally infeasible to reverse them. What attackers do instead is try millions of common inputs and compare hashes (a "dictionary attack"), which is why you should never hash short or common strings for security purposes.
Is MD5 safe to use?+
MD5 is broken for security purposes — collisions (two different inputs producing the same hash) can be generated intentionally. Use MD5 only for non-security purposes like file checksums where you control both inputs. Never use MD5 for passwords or digital signatures.
Why does a space at the end change the hash completely?+
This is called the avalanche effect — a property of good hash functions where a tiny change in input causes a completely different output. Even changing one bit flips roughly half of all output bits. This makes hashes useful for detecting any tampering with data.

Related tools

Password Generator → JWT Decoder → Base64 Encoder → All tools →