When to use each algorithm
- MD5 — Fast, 32-character hex output. Cryptographically broken (collisions can be generated intentionally). Use only for checksums, cache keys, or non-security purposes.
- SHA-1 — 40-character hex output. Also considered weak for security. Still used in Git commit IDs and some legacy systems.
- SHA-256 — 64-character hex output. The standard choice for security. Used in TLS, Bitcoin, JWT, and most modern cryptography.
- SHA-512 — 128-character hex output. Provides higher security margin. Preferred for password hashing alongside a salt (e.g. with bcrypt/Argon2).
Never hash passwords with MD5 or SHA-256 directly. Use a dedicated password hashing function like bcrypt, Argon2, or PBKDF2, which include salting and work factors.
How hashing works
A hash function takes any input text and produces a fixed-length output. The same input always produces the same hash, but it is computationally infeasible to reverse the hash back to the original input. Even a single character change in the input produces a completely different hash (the avalanche effect).
Frequently Asked Questions
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit (32 hex characters) hash and is fast but cryptographically broken — collisions can be generated intentionally. SHA-256 produces a 256-bit (64 hex characters) hash and is part of the SHA-2 family, considered secure for most cryptographic purposes including digital signatures and integrity checks.
Which algorithm should I use?
Use SHA-256 for integrity checks, API signatures, JWTs, and general security. Use SHA-512 when you need maximum security margin. Use MD5 only for non-security use cases like quick checksums or deduplication keys. Do not use MD5 or SHA-1 for any security-sensitive purpose.
Is my text sent to a server when hashing?
No. SHA-1, SHA-256, and SHA-512 use the browser's built-in WebCrypto API (crypto.subtle.digest). MD5 uses a JavaScript library running entirely in your browser tab. Your text never leaves your device.
Can I reverse a hash to get the original text?
No. Hash functions are one-way — there is no algorithm to reverse a hash to its input. For common passwords, attackers use precomputed rainbow tables, which is why passwords must always be salted before hashing.
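The difference between a bare digest and a salted, work-factored password hash, shown with the same WebCrypto API the answers above mention. This is an added example, not this tool's own code; the function names, the 600000 iteration count and the sample passwords are assumptions.

```javascript
// Added example: bare SHA-256 vs. salted PBKDF2 through WebCrypto.
const enc = new TextEncoder();
const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");

// Browsers expose crypto globally; older Node falls back to node:crypto.
async function getCrypto() {
  return globalThis.crypto ?? (await import("node:crypto")).webcrypto;
}

// Unsalted digest: identical passwords always give identical output,
// which is what makes precomputed lookup tables effective.
async function sha256Hex(text) {
  const c = await getCrypto();
  return toHex(await c.subtle.digest("SHA-256", enc.encode(text)));
}

// PBKDF2-HMAC-SHA-256 with a random per-password salt and a work factor
// (600000 is an assumed value; tune it for your hardware).
async function hashPassword(password, iterations = 600000, salt = null) {
  const c = await getCrypto();
  salt = salt ?? c.getRandomValues(new Uint8Array(16));
  const key = await c.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveBits"]);
  const bits = await c.subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations }, key, 256);
  return { iterations, salt: toHex(salt), hash: toHex(bits) };
}

// Recompute with the stored salt and iteration count, then compare
// without exiting early on the first differing character.
async function verifyPassword(password, record) {
  const salt = Uint8Array.from(record.salt.match(/../g), (h) => parseInt(h, 16));
  const { hash } = await hashPassword(password, record.iterations, salt);
  let diff = hash.length ^ record.hash.length;
  for (let i = 0; i < hash.length; i++) diff |= hash.charCodeAt(i) ^ record.hash.charCodeAt(i);
  return diff === 0;
}

// Constructed scenario: two accounts that picked the same password.
async function demo() {
  const a = await sha256Hex("hunter2"), b = await sha256Hex("hunter2");
  const r1 = await hashPassword("hunter2"), r2 = await hashPassword("hunter2");
  return {
    bareDigestsMatch: a === b,               // same digest for both accounts
    saltedHashesMatch: r1.hash === r2.hash,  // different salts, different hashes
    verifies: await verifyPassword("hunter2", r1),
    rejectsWrong: await verifyPassword("hunter3", r1),
  };
}
demo().then(console.log);
```

Store the iteration count and salt next to the hash, as the returned record does, so the work factor can be raised later without invalidating existing entries.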