Hash Generator

Convert text to MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes. Compare all algorithms instantly. Runs entirely in your browser.

Enter Text

Generated Hashes

MD5 Legacy

128-bit

Fast checksums, cache keys, non-security identifiers

SHA-1 Deprecated

160-bit

Legacy systems only. Avoid for new applications.

SHA-256 Recommended

256-bit

File integrity, digital signatures, password hashing, SSL/TLS

SHA-384

384-bit

Higher security margin, compliance requirements

SHA-512 Secure

512-bit

High-security applications, 64-bit optimized systems

MD5 vs SHA-1 vs SHA-256 vs SHA-512

MD5 (128-bit): Fast but broken. Collision attacks are practical. Use only for non-security purposes like quick checksums or cache keys.

SHA-1 (160-bit): Deprecated for security. Collision attacks demonstrated in 2017. Avoid for new applications.

SHA-256 (256-bit): Current standard for security. Collision-resistant. Ideal for passwords, digital signatures, and file integrity.

SHA-512 (512-bit): Stronger than SHA-256 on 64-bit systems. Use for high-security applications or when extra margin is needed.

Which Hash Algorithm Should You Use

File checksums: MD5 or SHA-256 (MD5 is fine for non-security integrity checks)
Password storage: SHA-256 or SHA-512 with salt (prefer bcrypt/Argon2)
Digital signatures: SHA-256 or SHA-512
Git commits / Blockchain: SHA-256
SSL certificates: SHA-256 minimum (SHA-1 deprecated)

When Hashing Is Useful

Verify downloaded files match their published checksums
Detect duplicate content without comparing full data
Store password representations securely
Create unique identifiers for data
Sign documents and verify authenticity

Common Hashing Mistakes

Using MD5 or SHA-1 for security-sensitive applications
Storing passwords without salt
Using fast hashes (MD5, SHA-256) directly for passwords without key stretching
Assuming hashes are encrypted (they're one-way functions)
Comparing hashes without constant-time comparison (timing attacks)

Frequently Asked Questions

Is my data sent to a server? ▼

No. All hashing happens locally in your browser using the Web Crypto API. Your text never leaves your device. No data is sent to any server or stored anywhere.

What is the difference between MD5 and SHA-256? ▼

MD5 produces a 128-bit hash and is fast but not secure. SHA-256 produces a 256-bit hash and is cryptographically secure. For security, use SHA-256 or SHA-512.

Can I decrypt a hash back to the original text? ▼

No, hash functions are one-way. You cannot reverse a hash to get the original text. This is by design for security.

Which hash algorithm should I use for passwords? ▼

Use SHA-256 or SHA-512 with a salt. Better yet, use specialized algorithms like bcrypt, Argon2, or PBKDF2 designed for password hashing.