Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hash values from text in real time. Useful for data integrity verification and security auditing.
Last updated:
How to Use
Expand how to useCollapse how to use
- 1
Enter text
Enter the text you want to hash in the text area above.
- 2
Check hash values
Hash values for all algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512) are automatically calculated as you type.
- 3
Copy results
Click the "Copy" button next to the hash value you need to copy it to your clipboard.
Input Text
About Hash Generator
Hash Generator computes MD5, SHA-1, SHA-256, SHA-384, and SHA-512 digests from any text in real time, displaying all five results side by side as you type. SHA algorithms are computed using the browser's native Web Crypto API, and text is encoded in UTF-8 before hashing to ensure consistent results across platforms and programming languages. Common uses include verifying downloaded file checksums against a publisher's SHA-256 value, generating cache keys for content-addressed storage systems, debugging webhook signatures (GitHub, Stripe, Slack all sign payloads with HMAC-SHA256), and checking data integrity after transforms in an ETL pipeline. Each hash value has a dedicated copy button.
Key Features
- Support for 5 hash algorithms (MD5, SHA-1, SHA-256, SHA-384, SHA-512)
- Real-time calculation (displays results for all algorithms as you type)
- UTF-8 encoding support (correctly processes multilingual text including Japanese)
- Individual copy function for each hash value
- Real-time input size display
Common Use Cases
- Verify SHA-256 checksums for downloaded packages or release artifacts
- Generate HMAC input or debug API request signatures
- Compute cache keys for content-addressed storage
- Cross-check hash values from CI/CD pipelines or npm publish outputs
- Quickly compare text hashes when debugging data transformation issues
Frequently Asked Questions
Why are MD5 and SHA-1 marked as "not recommended"?
Practical collision attacks have been demonstrated for both MD5 and SHA-1, meaning it is possible to craft two different inputs that produce the same hash value. For security-sensitive uses such as digital signatures, certificate verification, and password storage, these algorithms should no longer be trusted. For non-security uses such as checksums for detecting accidental corruption or legacy system compatibility, they remain acceptable.
Which algorithm should I use?
For most security purposes, SHA-256 is the standard choice — it offers a strong balance of security and performance and is universally supported. SHA-384 and SHA-512 provide longer outputs and higher security margins, which is useful for protecting highly sensitive data or when compliance standards require it. On 64-bit CPUs, SHA-512 can actually be faster than SHA-256 because it uses 64-bit arithmetic internally. Use MD5 and SHA-1 only when compatibility with existing systems requires it.
Can the same input always produce the same hash value?
Yes, hash functions are deterministic — the same input always produces the same output. However, even a single extra space, trailing newline, or different character encoding will produce a completely different hash. When comparing hashes from different tools, make sure the encoding (UTF-8, UTF-16, etc.) and line endings (LF vs CRLF) are consistent.
Can I recover the original text from a hash value?
No. Hash functions are one-way: it is computationally infeasible to reverse a hash back to its input. This is why they are used for storing passwords. Note that for password storage specifically, raw SHA-256 is not sufficient — use a dedicated password hashing function such as bcrypt, Argon2id, or scrypt, which are intentionally slow and include salting to resist brute-force attacks.
What is the difference between SHA-256 and SHA-512?
SHA-256 produces a 256-bit (64-character hex) digest; SHA-512 produces a 512-bit (128-character hex) digest. SHA-512 provides a larger margin against future cryptanalytic advances. Interestingly, on modern 64-bit CPUs SHA-512 often runs faster than SHA-256 because it performs fewer rounds on 64-bit words. For most applications SHA-256 is sufficient. Choose SHA-512 if your security policy or compliance framework explicitly requires it.
How do I verify a file checksum using this tool?
Find the official SHA-256 checksum published on the software download page or in a SHA256SUMS file. Copy the file contents (or the text you want to verify) into this tool's input area and compare the generated SHA-256 value with the official one. If they match character for character, the data is intact. Any difference — even one character — means the data has been modified or corrupted.
Is my input data sent to a server?
No. All five algorithms run locally via the Web Crypto API (SHA family) and a bundled MD5 implementation. Text you enter is hashed in your browser and never transmitted.