Free hash generator. Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text input. Uses the browser's Web Crypto API for SHA family hashes; MD5 implemented per RFC 1321 and verified against standard test vectors. Useful for checksum verification, hash-based identifiers, and basic integrity comparisons.
A cryptographic hash maps any input, from a single word to a multi-gigabyte file, to a fixed-length string called a digest. SHA-256 always returns 64 hex characters, SHA-512 always returns 128, no matter how long the input is. The same input always produces the same digest, and changing a single byte produces a completely different one, which is why hashes are used for checksums, content addressing, and integrity checks. This tool computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 for whatever text you paste, entirely in your browser.
The SHA family here runs through the browser's Web Crypto API, the same primitive the platform uses under the hood, while MD5 is implemented per RFC 1321 and checked against the standard test vectors. Because everything runs client-side, nothing you type is sent to a server, which matters when you are hashing anything sensitive.
A hash is one-way: there is no key and no way to turn a digest back into the original input. That also means hashing is not encryption and is not, on its own, a safe way to store passwords. A plain SHA-256 of a password can be reversed by precomputed rainbow tables, so real password storage needs a slow, salted algorithm such as bcrypt, scrypt, or Argon2 rather than a raw hash.
Algorithm choice matters too. MD5 and SHA-1 are considered cryptographically broken because practical collisions (two different inputs with the same digest) have been demonstrated, so never use them for signatures or security decisions. They are still fine as fast, non-security checksums for detecting accidental corruption. For anything that needs collision resistance, use SHA-256 or stronger.
They are different hash algorithms producing different digest lengths: MD5 is 128-bit, SHA-1 is 160-bit, and SHA-256 is 256-bit. MD5 and SHA-1 are broken by collision attacks and should not be used for security. SHA-256 remains a strong general-purpose choice.
No. A hash is a one-way function with no key, so there is no way to reverse it. Tools that appear to 'decrypt' a hash are really just looking it up in a database of previously seen inputs, which only works for common or short values.
No. Fast hashes like SHA-256 are the wrong tool for password storage because they can be brute-forced quickly. Use a slow, salted password hash such as bcrypt, scrypt, or Argon2 instead.
No. This tool computes every hash locally in your browser using the Web Crypto API and an RFC 1321 MD5 implementation, so the text you enter never leaves your machine.