Hashing & Crypto

Hash Generator (MD5, SHA-1, SHA-256, SHA-512)

Generate cryptographic hashes for any text input using four major algorithms simultaneously. SHA-256 and SHA-512 via the Web Crypto API provide standards-compliant secure hashing. MD5 and SHA-1 included for legacy compatibility but clearly marked as broken for security use. Live hash generation as you type — useful for checksums, data verification, and development debugging.

JavaScript Required

This tool requires JavaScript to run. Please enable JavaScript in your browser settings to use Hash Generator (MD5, SHA-1, SHA-256, SHA-512).

Why JavaScript? This tool processes your files entirely in your browser using WebAssembly — nothing is uploaded to servers. This privacy-first approach requires JavaScript to be enabled.

What does this tool do?

The Hash Generator computes message digests using four algorithms: MD5 (128-bit, legacy only), SHA-1 (160-bit, legacy only), SHA-256 (256-bit, secure), and SHA-512 (512-bit, secure). The SHA algorithms use the browser's native Web Crypto API for hardware-accelerated, standards-compliant hashing. All four hashes update instantly as you type. The tool clearly marks MD5 and SHA-1 as cryptographically broken to discourage their use in security contexts while acknowledging their continued use for non-security checksums.

How it works

SHA-256 and SHA-512 use crypto.subtle.digest() from the Web Crypto API, which provides FIPS-compliant implementations optimized by browser vendors. MD5 and SHA-1 use carefully implemented JavaScript algorithms for cross-compatibility. Text input is encoded to UTF-8 via TextEncoder before hashing. The resulting ArrayBuffer is converted to hexadecimal string representation for display. All computation happens client-side with no server interaction — your input is never transmitted.

Features

Four algorithms at once: MD5, SHA-1, SHA-256, SHA-512
Web Crypto API for SHA — fast and standards-compliant
Updates live as you type
Copy any digest with one click
MD5 and SHA-1 marked as broken for security
UTF-8 encoding for international characters
100% client-side — input never leaves browser

How to use

1

Type or paste text

Enter any text — short strings, paragraphs, JSON, base64, configuration data. All four hashes update instantly.
2

Read the hashes

All four digests displayed in hex format. Click Copy on any hash to grab it for your use.
3

Choose appropriate algorithm

For new applications: use SHA-256 minimum. SHA-512 for maximum security margin. Avoid MD5 and SHA-1 except for compatibility with legacy systems.
4

Compare for verification

Compare generated hash against a known hash to verify data integrity. Even one character difference produces completely different hashes.

Common use cases

Data integrity verification

Generate checksums for files or data strings to verify they haven't been corrupted during transfer or storage.

API signature debugging

Debug HMAC or signature generation by computing expected hash values for API authentication schemes.

Password hash verification

Generate hashes to compare against stored password hashes during development of authentication systems.

Cache key generation

Create deterministic cache keys from complex data structures by hashing their string representation.

Tips & best practices

SHA-256 is the current minimum for security purposes — used by Bitcoin, TLS certificates, and most modern protocols
Even tiny input changes produce completely different hashes (avalanche effect) — this is a feature, not a bug
MD5 is broken for security but still used for file integrity checks where collision attacks aren't a concern
Hashes are one-way functions — you cannot recover the input from the hash (except by brute force guessing)

Frequently asked questions

Why is MD5 listed if it's broken?

Many systems still use MD5 for non-security checksums (file integrity verification, HTTP ETags, cache keys). For anything security-related (passwords, signatures), use SHA-256 or higher.

How do I hash a file instead of text?

File hashing is on the roadmap. For now, you can read the file as text and paste here, though binary files won't work correctly through text encoding.

Is the input logged?

No. Hashing happens entirely in your browser via JavaScript. We have no server that receives your input.

Can two different inputs produce the same hash?

In theory (collision), but cryptographically secure hash functions like SHA-256 make finding collisions computationally infeasible. MD5 and SHA-1 have known collision attacks — don't use them for security.