Can I hash files with this tool?

This tool hashes text strings. For file hashing, use the sha256sum command on Linux/macOS or the Get-FileHash cmdlet on Windows PowerShell.

MD5 is cryptographically broken — practical collision attacks exist. The Web Crypto API does not support MD5 for this reason. Use SHA-256 as a replacement for any integrity or security purpose.

Is my text sent to a server for hashing?

No. All hash computation happens in your browser using the Web Crypto API. Nothing is transmitted over the network.

Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text. Uses the Web Crypto API.

Input Text

SHA-1

—

SHA-256

—

SHA-384

—

SHA-512

—

What Is a Cryptographic Hash?

A hash function takes input of any length and produces a fixed-length output — the hash or digest. The same input always produces the same hash, but even a single character change produces a completely different output. This property makes hashes useful for data integrity verification, password storage, and digital signatures.

SHA-256 vs SHA-512

SHA-256 produces a 256-bit (32-byte) digest and is the most widely used hash in practice. Bitcoin's proof-of-work algorithm relies on it. TLS certificates, Git commit identifiers, and package integrity checks all use SHA-256. SHA-512 produces a 512-bit (64-byte) digest and runs faster on 64-bit processors due to its internal word size. Both offer strong collision resistance for current computing capabilities.

SHA-1 Deprecation

SHA-1 produces a 160-bit hash and was the dominant algorithm for decades. Google and CWI Amsterdam demonstrated a practical collision attack (SHAttered) in 2017, proving two different PDFs could share the same SHA-1 hash. Major browsers, certificate authorities, and Git have moved away from SHA-1 for security-critical applications. Use SHA-256 or SHA-512 for anything that requires collision resistance.

How This Tool Works

This generator uses the Web Crypto API built into your browser — the same cryptographic library that secures HTTPS connections. Text converts to bytes via UTF-8 encoding, then the browser's native crypto.subtle.digest() method computes the hash. No JavaScript polyfills or external libraries involved.

Hashing Is Not Encryption

Hashing is a one-way operation. You cannot recover the original input from a hash digest. Encryption, by contrast, is reversible with the correct key. Similarly, Base64 encoding is reversible and provides no security; it is a representation format, not a protection mechanism. Use hashing for verification (checking file integrity, storing password digests). Use encryption when you need to retrieve the original data later (secure messaging, file protection). Hash-based signatures also play a key role in tokens like JWTs; use our JWT Decoder to inspect those signatures.

Frequently Asked Questions

Can I hash files with this tool?: This tool hashes text strings. For file hashing, use the sha256sum command on Linux/macOS or the Get-FileHash cmdlet on Windows PowerShell.
Where is MD5?: MD5 is cryptographically broken — practical collision attacks exist. The Web Crypto API does not support MD5 for this reason. Use SHA-256 as a replacement for any integrity or security purpose.
Is my text sent to a server for hashing?: No. All hash computation happens in your browser using the Web Crypto API. Nothing is transmitted over the network.