Hash Generator
Generate hashes for text and files with MD5, SHA-1, SHA-256, SHA-384, and SHA-512. Compare checksums, create HMAC signatures, and hash lists in your browser.
SHA-256 is the safest default for modern checksum verification.
Multi-hash works for text and files. Bulk mode outputs one hash per line.
HMAC is available for SHA-1, SHA-256, SHA-384, and SHA-512.
MD5
128-bit | 32 hex chars
Waiting for input... SHA-1
160-bit | 40 hex chars
Waiting for input... SHA-256
256-bit | 64 hex chars
Waiting for input... SHA-384
384-bit | 96 hex chars
Waiting for input... SHA-512
512-bit | 128 hex chars
Waiting for input... Waiting for input... Each non-empty line will be hashed separately.
Why use this hash generator?
This tool is built for practical developer workflows: verify downloads, compare published checksums, inspect webhook signatures, hash payloads before signing, or generate digests for lists of identifiers. It works entirely client-side, supports both text and files, and can show every major digest at once so you do not have to keep switching tools.
Supported algorithms
| Algorithm | Bits | Hex length | Best use |
|---|---|---|---|
| MD5 | 128 | 32 | Fast legacy checksum. Do not use for new security-sensitive systems. |
| SHA-1 | 160 | 40 | Legacy hash kept for compatibility only. Collision attacks are practical. |
| SHA-256 | 256 | 64 | Best default for integrity checks, APIs, signatures, and modern applications. |
| SHA-384 | 384 | 96 | Larger SHA-2 digest used in some certificate and compliance-heavy workflows. |
| SHA-512 | 512 | 128 | Largest SHA-2 digest here, useful when you want the biggest security margin. |
Common workflows
- Verify a download: switch to File, choose the downloaded file, then compare the SHA-256 output with the published checksum.
- Check webhook signatures: switch to Text, enable HMAC, paste the request body, add your shared secret, and copy the result.
- Hash many IDs at once: stay in Text, enable Hash each non-empty line separately, then paste one value per line.
- Need compatibility: enable Show all algorithms to generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 in one pass.
Hashing vs encryption
Hashing is one-way. You can compare digests, but you cannot recover the original input from a secure hash. Encryption is reversible if you have the correct key. Use hashes for integrity checks and signatures; use encryption when you need to hide data and later decrypt it.
Security guidance
- Prefer SHA-256+ for modern verification and new systems.
- Avoid MD5 and SHA-1 for security; keep them only for legacy compatibility or old checksum manifests.
- Do not use plain hashes for passwords; use a password hashing algorithm such as Argon2, bcrypt, or scrypt on the server.
- Use HMAC when authenticity matters; it protects against tampering when both parties share a secret key.
Frequently asked questions
Is my data uploaded? No. Hashing, comparison, and HMAC generation all happen in your browser.
Why do uppercase and lowercase hashes still match? Hex digests are case-insensitive.
The comparison field ignores case, whitespace, colons, hyphens, and an optional 0x prefix.
Can I hash a whole file locally? Yes. Choose File and this page will read the file on your device and generate the digest without sending it anywhere.
Related tools
- Base64 Encode / Decode for encoded payloads and tokens.
- JWT Decoder for inspecting signed tokens after decoding.
- URL Encoder / Decoder for safely preparing signed URLs and query strings.