Hash Generator
Turn any text into MD5, SHA-1, SHA-256 and SHA-512 hashes — all four at once, computed locally in your browser.
What is a cryptographic hash?
A hash function maps input of any size to a fixed-length fingerprint: MD5 produces 128 bits (32 hex characters), SHA-256 produces 256 bits (64 hex characters). The same input always yields the same hash, while even a one-character change produces a completely different one — which is why hashes are used for checksums, cache keys, data deduplication, integrity verification and (with salt and a slow KDF) password storage.
Which algorithm should I use?
SHA-256 is the safe default for anything security-related — collision attacks against MD5 and SHA-1 are practical, so both are considered broken for signatures and certificates. MD5 and SHA-1 remain fine for non-security uses: verifying a download against a published checksum, generating cache keys, or spotting accidental corruption. For storing passwords, don't use any plain hash — use bcrypt, scrypt or Argon2.
FAQ
Can I reverse a hash to get the original text?
No — hashing is one-way. "Decrypting" MD5 sites are just lookup tables of precomputed hashes for common strings, which is exactly why unsalted password hashes are dangerous.
Why does the same text give a different hash on another site?
Usually a trailing newline or different character encoding. This tool hashes exactly what you type as UTF-8 with no added newline — equivalent to printf 'text' | sha256sum rather than echo, which appends \n.
Is my text uploaded to a server?
No. SHA hashes are computed with the browser's built-in WebCrypto API and MD5 with a compact implementation verified against the RFC 1321 test vectors — all locally.
Free tools are just the start
Deploy your next app on bare-metal cloud with per-second billing — your first app is free, no credit card required.
More free tools
Generate strong, random passwords with a cryptographically secure RNG — entirely in your browser.
Encode text to Base64 or decode it back — UTF-8 safe, with URL-safe variant support.
Percent-encode strings for safe use in URLs, or decode %20-style sequences back to text.
Decode a JSON Web Token's header and payload, check expiry, and verify HS256 signatures.
Validate JSON with precise error locations, then pretty-print or minify it — with sorted keys if you like.
Strip comments and whitespace from HTML, CSS or JavaScript and see exactly how many bytes you saved.