Generate MD5, SHA-1, SHA-256, and SHA-512 hashes for text and files. Compare checksums, verify integrity. Runs entirely in your browser.
📁 Drop a file here or click to select — hashes generated locally
A cryptographic hash function takes any input and produces a fixed-size output (the "hash" or "digest"). The same input always produces the same hash, but even a tiny change in input creates a completely different hash. Hash functions are one-way — you can't reverse a hash back to the original input.
| Algorithm | Output Size | Speed | Security | Use Case |
|---|---|---|---|---|
| MD5 | 128 bits (32 hex) | Very fast | ❌ Broken | Checksums only |
| SHA-1 | 160 bits (40 hex) | Fast | ⚠️ Weak | Legacy systems |
| SHA-256 | 256 bits (64 hex) | Fast | ✅ Strong | Digital signatures, blockchain |
| SHA-384 | 384 bits (96 hex) | Medium | ✅ Strong | TLS certificates |
| SHA-512 | 512 bits (128 hex) | Medium | ✅ Strong | Password hashing, high security |
JavaScript: await crypto.subtle.digest('SHA-256', data)
Python: hashlib.sha256(b'text').hexdigest()
Bash: echo -n "text" | sha256sum
PHP: hash('sha256', 'text')
Go: sha256.Sum256([]byte("text"))
A cryptographic hash function converts any input (text or file) into a fixed-length string called a hash or digest. Hashes are used to verify file integrity (comparing checksums), store passwords securely, create digital signatures, and detect duplicate content. The same input always produces the same hash.
MD5 produces a 128-bit hash and is fast but cryptographically broken (do not use for security). SHA-1 produces 160 bits and is also deprecated for security. SHA-256 (256 bits) and SHA-512 (512 bits) are part of the SHA-2 family and are secure for modern use. SHA-256 is the most widely used for file verification and digital signatures.
No — hash functions are one-way. You cannot mathematically reverse a hash to get the original input. However, short or common inputs can be found using rainbow tables (precomputed hash databases). This is why passwords should be hashed with salt (a random value added before hashing) using bcrypt, scrypt, or Argon2.
Software downloads often include an MD5 or SHA-256 checksum. After downloading, generate the hash of the file and compare it to the published checksum. If they match, the file is intact and unmodified. If they differ, the file may be corrupted or tampered with — download it again from the official source.
MD5 is not safe for security purposes — it's been cryptographically broken since 2004, allowing collision attacks. However, it's still fine for non-security uses like checksums, data deduplication, or cache keys where collision attacks aren't a concern. For passwords, file signing, or security applications, use SHA-256 or SHA-512.