Hash Generator - MD5, SHA-1, SHA-256, SHA-512
Generate cryptographic hash digests from any text input. Compare MD5, SHA-1, SHA-256, and SHA-512 outputs side by side. All hashing runs in your browser — no data leaves your machine.
What Is a Cryptographic Hash?
A cryptographic hash function takes an input of any length and produces a fixed-length output called a hash or digest. The same input always produces the same output, but even a single character change produces a completely different hash — the avalanche effect. Hash functions are one-way: you cannot reverse a hash to recover the original input.
Hash Algorithm Comparison
| Algorithm | Output Size | Speed | Security Status | Common Uses |
|---|---|---|---|---|
| MD5 | 128-bit (32 hex chars) | Very fast | Broken — not for security | Non-security checksums, legacy systems |
| SHA-1 | 160-bit (40 hex chars) | Fast | Deprecated | Git commit IDs (legacy), checksums |
| SHA-256 | 256-bit (64 hex chars) | Fast | Secure | File integrity, TLS certificates, Bitcoin |
| SHA-384 | 384-bit (96 hex chars) | Moderate | Secure | TLS, high-security signatures |
| SHA-512 | 512-bit (128 hex chars) | Moderate | Secure | High-security checksums, HMAC |
Practical Use Cases
- File integrity verification: Compute a SHA-256 hash of a downloaded file and compare with the publisher's posted checksum to detect tampering or corruption.
- API request signing: HMAC-SHA256 signs API requests so the server can verify both authenticity and integrity of the payload.
- Deduplication: Hash file contents to detect duplicates without comparing entire file bodies.
- Content addressing: Git uses SHA-1 (migrating to SHA-256) to uniquely address every commit, tree, and blob in the repository.
- Database lookup optimization: Store a hash of large text fields and query by hash for fast equality checks.
Generating Hashes in Code
Node.js
import { createHash } from 'crypto';
const hash = createHash('sha256')
.update('hello world')
.digest('hex');
// b94d27b9934d3e08a52e52d7da7dabfac484efe...Python
import hashlib
text = "hello world"
sha256 = hashlib.sha256(text.encode()).hexdigest()
md5 = hashlib.md5(text.encode()).hexdigest()Shell (Linux/macOS)
# SHA-256 of a file
sha256sum filename.zip
# MD5 of a string
echo -n "hello world" | md5sumSecurity Best Practices
- Never use MD5 or SHA-1 for security-sensitive purposes (signatures, password storage, certificate fingerprints).
- Always use SHA-256 or stronger for new systems.
- For passwords: use bcrypt (cost 12+), scrypt, or Argon2id — never raw SHA hashes, even with a salt.
- When comparing hashes in code, use constant-time comparison to prevent timing attacks.
- Add a random salt to any user-derived input before hashing to defeat rainbow table attacks.
Frequently Asked Questions
What is the difference between MD5, SHA-1, and SHA-256?
MD5 produces a 128-bit hash and is cryptographically broken. SHA-1 produces 160 bits and is deprecated for security use. SHA-256 produces 256 bits and remains secure. Choose SHA-256 or SHA-512 for any new security-sensitive work.
Can I reverse a hash back to the original text?
No. Hash functions are one-way by design. Attackers use precomputed rainbow tables to look up common passwords from their MD5/SHA-1 hashes. This is why salted password hashing with bcrypt or Argon2 is critical for storing user passwords.
Which hash algorithm should I use?
For file integrity: SHA-256 or SHA-512. For password storage: bcrypt, scrypt, or Argon2 (not raw SHA). For HMAC authentication: SHA-256. For non-security checksums: MD5 is fine. Avoid MD5 and SHA-1 for anything security-related.
Why do some file downloads provide multiple hash types?
Publishers often provide MD5, SHA-1, and SHA-256 checksums to support users with different tools. MD5 is included for legacy compatibility; SHA-256 is the one you should actually verify. If any hash matches, the file is intact.