
Hash Generator (MD5, SHA-1, SHA-256, SHA-512)

Compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text or file.

About Hash Generator (MD5, SHA-1, SHA-256, SHA-512)

A cryptographic hash is a deterministic function that maps any input — a string, a file, a blob — to a fixed-length hex digest. The same input always produces the same hash; different inputs almost always produce different hashes. That property makes hashes useful for file integrity (compare a downloaded file's hash against the published one to detect corruption or tampering), content addressing (Git, IPFS), deduplication, and as a building block in HMACs and password storage.

This tool computes five common hash algorithms in one pass: MD5 (legacy, broken for security but still useful for non-security checksums), SHA-1 (Git's identifier, broken for collision resistance but fine for content addressing), and the SHA-2 family — SHA-256, SHA-384, SHA-512 — which are the modern defaults for anything security-sensitive.

How to use

Type or paste text into the input area to see all five hashes update live. Toggle UPPERCASE output if your tooling expects upper-case hex (otherwise lower-case is the more common convention). Click any hash to copy it.

For files, click "Hash a file instead" and choose a file from your computer. The file is read entirely into memory in the browser and nothing is uploaded, so very large files (hundreds of MB) may take a few seconds and consume RAM. Switch back to text mode by clearing the file.

Frequently asked questions

  • Is MD5 safe to use?

    For security, no — MD5 has been broken since 2004; collisions can be constructed quickly enough that attackers can forge MD5-matching documents on demand. For non-security purposes (checksums to detect accidental corruption, deduplication, hash table keys) MD5 is still fine and faster than SHA-2. The rule: never use MD5 for password hashing, digital signatures, or any context where an adversary chooses the input.

  • What about SHA-1?

    Also broken for collision resistance: Google demonstrated a practical SHA-1 collision in 2017 (the SHAttered attack). NIST deprecated SHA-1 for cryptographic use in 2011 and disallows it entirely after 2030. It survives because Git uses it as a content identifier (Linus Torvalds has resisted migration), and because many older systems still need backward compatibility. For new cryptographic work, use SHA-256 or stronger.

  • Should I use SHA-256 or SHA-512?

    For most cases, SHA-256: it is the most widely supported, has a smaller hash size, and is faster on 32-bit systems. SHA-512 is slightly stronger on paper and faster on 64-bit systems (its operations are 64-bit native), but the security difference is academic for the foreseeable future. Pick SHA-512 when you specifically need 512-bit output, e.g. for HMAC keys in protocols that require it.

  • Why are hash outputs different lengths?

    Each algorithm has a fixed output size: MD5 is 128 bits (32 hex chars), SHA-1 is 160 bits (40 chars), SHA-256 is 256 bits (64 chars), SHA-384 is 384 bits (96 chars), SHA-512 is 512 bits (128 chars). The output is always exactly that size regardless of input length — that's what makes hashes useful as fixed-length identifiers.

  • Are my files or text uploaded anywhere?

    No. All hashing happens locally in your browser via the Web Crypto API (for SHA family) and the js-md5 library (for MD5). The text in the box never leaves the page, and files chosen via the file picker are read into memory by the browser and hashed in-place. The URL preserves your text input for sharing — if that's sensitive, clear it before copying the link.
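The file-integrity check described in the About section, combined with the digest lengths from the FAQ, as an added example (not this tool's own code). It assumes the published digest comes from one of the five algorithms covered here; the function names are illustrative, and the sample input is constructed.

```python
import hashlib
import hmac
import io

# Hex digest length -> hashlib name, per the output sizes listed in the FAQ.
# Assumption: the digest was produced by one of the five algorithms on this page.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}
WEAK = {"md5", "sha1"}  # collision-broken: corruption checks only


def identify_algorithm(published_hex):
    """Return (algorithm, normalized lower-case digest) for a published hex digest."""
    digest = published_hex.strip().lower()  # upper-case hex is accepted
    if any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("digest is not hexadecimal")
    if len(digest) not in ALGO_BY_HEX_LEN:
        raise ValueError(f"unexpected digest length: {len(digest)}")
    return ALGO_BY_HEX_LEN[len(digest)], digest


def hash_stream(stream, algo, chunk_size=1 << 20):
    """Hash a binary stream chunk by chunk, so a large file is never fully in RAM."""
    h = hashlib.new(algo)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify(stream, published_hex, allow_weak=False):
    """Return True if the stream's hash equals the published digest."""
    algo, expected = identify_algorithm(published_hex)
    if algo in WEAK and not allow_weak:
        raise ValueError(f"{algo} match does not rule out tampering; use allow_weak=True "
                         "only for accidental-corruption checks")
    # compare_digest does a full-length comparison of the two ASCII hex strings.
    return hmac.compare_digest(hash_stream(stream, algo), expected)


if __name__ == "__main__":
    data = b"abc"  # constructed sample standing in for a downloaded file
    published = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad".upper()
    print(verify(io.BytesIO(data), published))         # matching content
    print(verify(io.BytesIO(data + b"!"), published))  # altered content
```

For a real download, pass `open(path, "rb")` as the stream.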
