Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes — all locally in your browser.
Input
—————Security note
MD5 and SHA-1 are cryptographically broken — collisions can be generated, so they should never be used for password storage, digital signatures, or content integrity in adversarial settings. They remain useful for non-security tasks like deduplication and checksums where accidental corruption is the only concern. For passwords, use Argon2, bcrypt, or scrypt. For integrity and signatures, prefer SHA-256 or higher.
About this tool
Generate cryptographic hashes from any text input. The tool computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 simultaneously using the Web Crypto API. Your input is never transmitted to any server, making this safe for sensitive data.
How to use it
Quick steps to get the most out of this utility.
- 1
Type or paste input
Any string works — short messages, JSON payloads, file contents, etc.
- 2
See all hashes
MD5, SHA-1, SHA-256, SHA-384, and SHA-512 update simultaneously as you type.
- 3
Pick the right one
For checksums, MD5 or SHA-256 are common. For security-critical use, prefer SHA-256 or higher.
- 4
Copy the digest
Each row has its own copy button. Toggle uppercase if you need the canonical hex format for your platform.
A quick guide to hash algorithms
A cryptographic hash function maps any input of any size to a fixed-length output (the digest). Good hash functions have three properties: same input always produces the same output, it's computationally infeasible to find two inputs with the same output (collision resistance), and the output reveals nothing about the input (preimage resistance).
| Algorithm | Output bits | Status | Recommended for |
|---|---|---|---|
| MD5 | 128 | Broken | Non-security checksums only |
| SHA-1 | 160 | Broken | Legacy compatibility only |
| SHA-256 | 256 | Strong | General purpose, signatures |
| SHA-384 | 384 | Strong | Higher-security signatures |
| SHA-512 | 512 | Strong | High-security applications |
Frequently asked questions
Is my input sent anywhere?+
No. All hashing happens in your browser using the Web Crypto API (and a JavaScript implementation for MD5). Nothing is uploaded.
Should I use MD5 for passwords?+
No, never. MD5 is cryptographically broken — collisions can be generated easily. For passwords, use a slow, salted, memory-hard algorithm like Argon2, bcrypt, or scrypt. For digital signatures and integrity, use SHA-256 or higher.
When is MD5 still acceptable?+
MD5 is fine for non-adversarial use cases like deduplication, content addressing, and basic file checksums where you only need to detect accidental corruption — not malicious tampering.
What does "salt" mean in hashing?+
A salt is a random value added to the input before hashing, so identical inputs produce different hashes. This prevents attackers from precomputing hash tables (rainbow tables) for common passwords. Salts must be unique per-record for full protection.
Why is the same input producing the same hash every time?+
That is the defining property of a hash function — it is deterministic. Same input always produces the same output. If you need different outputs for the same input, add a salt (a unique random value) before hashing.
Keep exploring
More utilities and reading from Toolisk.