Hash Generator (MD5, SHA-1, SHA-256, SHA-512)

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes of any text instantly in your browser. Useful for checksums, fingerprints, and integrity checks.

Hashes update as you type. MD5 and SHA-1 are shown for legacy/checksum use only — never use them for passwords or security.

MD5
8e85d6a9f668854465624be4d8299510
SHA-1
SHA-256
SHA-512

About this tool

A cryptographic hash function maps any input to a fixed-length fingerprint: the same input always yields the same digest, and even a one-character change produces a completely different result. This tool computes four common digests of whatever text you type — MD5, SHA-1, SHA-256, and SHA-512 — updating live as you edit. The SHA family is calculated with the browser's built-in Web Crypto (SubtleCrypto) API, and MD5 is computed by a self-contained implementation verified against the RFC 1321 test vectors. Hashes are widely used for file checksums, deduplication keys, cache busting, and detecting accidental corruption. Note the security caveat: MD5 and SHA-1 are broken for collision resistance and must not be used for passwords, digital signatures, or anything security-sensitive — use SHA-256 or stronger, and for passwords specifically use a dedicated KDF like bcrypt or Argon2. All hashing happens locally; your text is never sent anywhere.

How to use it

  • Type or paste text into the box.
  • Read the MD5, SHA-1, SHA-256, and SHA-512 digests as they update live.
  • Copy any individual hash with its copy button.
  • Compare against a published checksum to verify integrity.

Frequently asked questions

Which hash should I use?
For integrity checks and fingerprints, SHA-256 is the sensible default. MD5 and SHA-1 are fine only for non-security checksums against accidental corruption. For storing passwords, do not use any of these directly — use a slow password hashing function such as bcrypt, scrypt, or Argon2.
Why are MD5 and SHA-1 considered insecure?
Practical collision attacks exist for both: an attacker can craft two different inputs with the same digest. That breaks their use in signatures and certificates. They remain acceptable only for detecting accidental, non-adversarial changes.
Does the same text always give the same hash?
Yes — hash functions are deterministic. Identical input (down to the exact bytes, including whitespace and encoding) always produces the identical digest, which is what makes hashes useful as fingerprints and lookup keys.
How is the text encoded before hashing?
The input is encoded as UTF-8 bytes before hashing, which is the standard. This means non-ASCII characters and emoji hash consistently with other UTF-8-based tools and command-line utilities like sha256sum.
Can I reverse a hash to get the original text?
No. Hashing is one-way by design. The only way to "reverse" a hash is to guess inputs and hash them until one matches, which is why weak or common inputs can be cracked but strong, unique inputs effectively cannot.
Is my input uploaded to a server?
No. Both the Web Crypto SHA hashes and the in-page MD5 run entirely in your browser, so sensitive text never leaves your device.

Related tools