Generate MD5, SHA-1, SHA-256, SHA-384 & SHA-512 hashes from text or files — entirely in your browser.
Type or paste text below to instantly generate cryptographic hashes. All processing happens in your browser — nothing is sent to any server.
Paste two hashes to check if they match — useful for verifying downloaded file checksums.
A cryptographic hash function takes an input of any size and produces a fixed-size output (the "hash" or "digest"). The output is deterministic — the same input always produces the same hash — but even a tiny change in the input produces a completely different hash. This property, called the avalanche effect , makes hashes useful for verifying data integrity. Hash functions are one-way: it is computationally infeasible to reverse a hash back to its original input.
| Algorithm | Output size | Designed for | Security for signing | Still used for |
|---|---|---|---|---|
| MD5 | 128 bits | Fast checksums | Broken (2004) | Non-security checksums, cache keys, ETags, database deduplication, legacy protocol compliance |
| SHA-1 | 160 bits | Digital signatures, SSL | Deprecated (2017) | Legacy git objects (migrating), old S/MIME, some API signature schemes that haven't updated |
| SHA-256 | 256 bits | General-purpose cryptographic hash | Strong | TLS, JWT, code signing, content-addressed storage, file integrity. The default choice for new work. |
| SHA-384 | 384 bits | Government / compliance use | Strong | NSA Suite B, some compliance mandates. Computationally it's SHA-512 with a shorter output. |
| SHA-512 | 512 bits | High-security / large data | Strong | Faster than SHA-256 on 64-bit CPUs for large inputs; used in Argon2, some SSH key fingerprinting |
Generating cache keys from URL strings, deduplicating file uploads in a database, building ETags for HTTP caching. MD5 is fast, the output is short (32 hex chars), and the collision concern only matters if an attacker controls the input. If users aren't trying to craft collisions, MD5 is fine.
Wang and Yu published MD5 collision attacks in 2004. Real-world exploits followed: the Flame malware in 2012 used an MD5 collision to forge a Microsoft code-signing certificate. SHA-1 got its collision (SHAttered) in 2017. Both are now firmly off-limits for anything where an adversary can benefit from a collision.
TLS certificate signatures, JWT signatures (HS256/RS256), Docker content addressing, package integrity in npm/pip/Cargo, webhook signature verification, HMAC-SHA256 for API keys. If you're starting something new and someone asks "what hash should we use?", the answer is SHA-256 unless you have a specific reason otherwise.
On 64-bit hardware, SHA-512 is often faster than SHA-256 for large inputs because the internal block size is 1024 bits vs 512 bits — fewer rounds over the same data. If you're hashing gigabytes of data and want more collision margin, SHA-512 costs nothing extra on modern servers.
When switching an existing system from MD5 to SHA-256, store both hashes during the transition period. Mark records as "verified SHA-256" once they've been revalidated. This avoids a big-bang migration that requires reprocessing every stored hash at once.
A checksum detects accidental corruption: bit rot, truncated downloads, flipped bytes during copy. It does not prove that a file hasn't been tampered with by someone who also updates the checksum. For tamper evidence, you need a digital signature (sign the hash with a private key) so that an attacker can't just recalculate and replace the checksum.
crypto.createHash(), Python's hashlib, and Go's hash package all support this pattern. This tool does exactly that when you compute multiple algorithms at once.