Paste text or drop a file to instantly generate MD5, SHA-1, SHA-256, and SHA-512 hashes. All hashing happens entirely in your browser using the Web Crypto API — no data is ever sent to a server. Compare two hashes to verify file integrity or check download authenticity.
Pro tip: After downloading a file, paste its published SHA-256 checksum and the hash you generate here into the Compare Hashes section to verify the download wasn’t corrupted or tampered with during transfer.
What Is a Hash and How Does Hashing Work?
A cryptographic hash function takes an input of any size — a single word, a multi-gigabyte file, or anything in between — and produces a fixed-length string of hexadecimal characters called a digest or checksum. The same input always produces the same output, but even a one-character change in the input produces a completely different hash. This property, known as the avalanche effect, is what makes hashing useful for data integrity verification, password storage, digital signatures, and content addressing.
Unlike encryption, hashing is a one-way process. There is no key, no way to reverse the operation, and no method to recover the original input from the hash. Encryption is designed to be reversible with the right key; hashing is designed to be irreversible by anyone. This fundamental difference determines when you should use each: encrypt data that needs to be read later (messages, files, database fields), and hash data that only needs to be verified (passwords, file checksums, commit identifiers).
Hash Algorithms Compared: MD5, SHA-1, SHA-256, SHA-512
MD5 produces a 128-bit (32-character) digest and was designed in 1991 by Ronald Rivest. It is extremely fast but cryptographically broken — researchers have demonstrated practical collision attacks that can generate two different inputs with the same MD5 hash. MD5 should never be used for security purposes such as certificate verification, digital signatures, or password hashing. It remains acceptable for non-security checksums like verifying file transfers where deliberate tampering is not a concern.
SHA-1 produces a 160-bit (40-character) digest and was designed by the NSA in 1995. It was the standard for TLS certificates, Git commits, and software signing for nearly two decades. However, a practical collision attack was demonstrated in 2017, and all major browsers and certificate authorities have since deprecated SHA-1. Git still uses SHA-1 internally for commit hashes but is gradually migrating to SHA-256. Like MD5, SHA-1 is no longer suitable for security-critical applications.
SHA-256 is part of the SHA-2 family designed by the NSA and published in 2001. It produces a 256-bit (64-character) digest and is currently the most widely used secure hash algorithm. It secures TLS connections, Bitcoin mining, software package verification, and countless APIs. No practical attacks against SHA-256 have been demonstrated, and it is considered safe for all current applications. SHA-256 is the recommended default for most use cases.
SHA-512 also belongs to the SHA-2 family and produces a 512-bit (128-character) digest. While it offers a larger output and wider security margin, it is not necessarily more secure than SHA-256 for practical purposes. SHA-512 is sometimes faster than SHA-256 on 64-bit processors because its internal operations use 64-bit words. It is commonly used in password hashing schemes and applications that benefit from a longer digest.
Hash vs. Encryption: When to Use Each
A common point of confusion is the difference between hashing and encryption. Both transform data, but they serve fundamentally different purposes. Encryption is a two-way process that uses a key to transform plaintext into ciphertext, and the same key (symmetric) or a paired key (asymmetric) to reverse the transformation. Use encryption when you need to store data securely and retrieve it later — database fields, API tokens, message contents, and file storage.
Hashing is a one-way process with no key and no reversal. Use it when you need to verify that data has not changed without storing the original data itself. The classic example is password storage: store the hash of the password, and when a user logs in, hash their input and compare it to the stored hash. If they match, the password is correct — and if the database is breached, attackers cannot recover the original passwords from the hashes alone (assuming a strong algorithm and proper salting).
Verifying File Integrity with Checksums
Software distributors publish SHA-256 checksums alongside their download links so users can verify that the file they received is identical to the file that was uploaded. After downloading, you generate a hash of the local file and compare it to the published checksum. If they match, the file is intact. If they differ, the file was corrupted during transfer or potentially tampered with. This tool’s file mode and compare hashes section make this verification process fast and visual — drop the file in, paste the published hash, and see an instant match or mismatch indicator.
HMAC: Hash-Based Message Authentication Codes
An HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce an authenticated digest. Unlike a plain hash, an HMAC proves both integrity and authenticity — only someone who knows the secret key can produce the correct HMAC for a given message. HMACs are used extensively in API authentication (webhook signatures from Stripe, GitHub, and Shopify), JWT token signing, and secure session management. HMAC-SHA256 is the most common variant and is available to subscribers in this tool.
The Deprecation of MD5 and SHA-1
Both MD5 and SHA-1 were once considered secure, but advances in cryptanalysis have rendered them vulnerable to collision attacks. A collision occurs when two different inputs produce the same hash — a devastating failure for any application relying on hash uniqueness. The practical impact is significant: forged certificates, tampered software packages, and undermined digital signatures. For any new project, SHA-256 should be the minimum standard. MD5 and SHA-1 are included in this tool because they remain in wide use for legacy compatibility and non-security checksums, but you should always prefer SHA-256 or SHA-512 for anything security-sensitive.
Salting Hashes for Password Storage
Storing a plain hash of a password — even a strong one like SHA-256 — is still dangerous because attackers can precompute a massive lookup table of hash–to–password mappings called a rainbow table. If your database is breached, they simply look up each hash and recover the original password in milliseconds. The defense is a salt: a cryptographically random value generated uniquely for each user and appended to their password before hashing. Because every user has a different salt, attackers cannot amortize their computation across the entire database — each account must be cracked individually. Even so, general-purpose hash functions like SHA-256 are designed to be fast, and modern GPUs can test billions of guesses per second. For password storage specifically, you should use a purpose-built algorithm such as bcrypt, Argon2, or scrypt, which are intentionally slow and memory-intensive by design, making brute-force attacks computationally infeasible even when an attacker has the full hash and salt.
Hashing is just one piece of a broader security toolkit. If you need to generate collision-resistant unique identifiers rather than verify data integrity, the UUID Generator is the right tool for the job. And if you are working with JWTs, the JWT Decoder & Inspector can help you inspect the HMAC signatures that protect token integrity.