Our free hash generator creates cryptographic hashes like MD5, SHA-1, SHA-256, and SHA-512 from text (and files). A hash is a one-way fingerprint of data: the same input always produces the same output, but even a one-character change creates a completely different hash. Developers use hashes to verify downloads, compare payloads, detect changes, and validate integrity in CI/CD pipelines, APIs, and security workflows.
Choose your algorithm based on your goal. SHA-256 is the default for integrity checks and modern workflows. SHA-512 is useful when you want a longer digest. MD5 and SHA-1 are fast and still used for legacy checksums, but they are not recommended for security-sensitive scenarios due to known weaknesses. If you need password storage, don’t store plain SHA-256 hashes — use a password hashing function like Argon2 or bcrypt with a unique salt.
Generate Cryptographic Hashes
How to generate a hash
- Paste your input in “Text” (or choose “File”).
- Click Generate Hashes / Hash File.
- Copy the hash you need (MD5, SHA-1, SHA-256, SHA-512).
- Compare it to an expected checksum to verify integrity.
Tip: if you’re verifying a download, always hash the file bytes (not the filename or a copied snippet).
MD5 vs SHA-1 vs SHA-256 vs SHA-512
| Algorithm | Output length | Best for | Avoid for |
|---|---|---|---|
| MD5 | 32 hex chars | legacy checksums, non-security dedupe | security, passwords |
| SHA-1 | 40 hex chars | legacy compatibility | security |
| SHA-256 | 64 hex chars | integrity checks, modern workflows | password storage |
| SHA-512 | 128 hex chars | long digests, high-security contexts | password storage |
Common hash use cases
- Verify a download: compare your SHA-256 with the publisher’s checksum
- Detect changes: store a hash of config files and compare later
- Integrity in pipelines: hash artifacts in CI to detect tampering
- Deduping: hash payloads to identify duplicates (non-security use)
Hash examples
Input:
hello
Outputs:
- MD5: 5d41402abc4b2a76b9719d911017c592
- SHA-1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
- SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
- SHA-512: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca7…
Security notes (read this)
- Hashing is not encryption. You can’t “decrypt” SHA-256.
- Don’t use MD5/SHA-1 for security decisions.
- Don’t store passwords as plain SHA-256. Use Argon2 or bcrypt with unique salts.
- For message authentication, use HMAC (like HMAC-SHA256), not plain hashes.
Troubleshooting
| Problem | Likely cause | Fix |
|---|---|---|
| Hash doesn’t match another tool | Hidden newline/spaces | Trim input or verify visible whitespace |
| Different result between systems | Encoding differences | Ensure UTF-8 everywhere |
| File checksum mismatch | Hashed text copy, not raw bytes | Use File hashing mode |
| Comparing different algorithms | MD5 vs SHA mismatch | Verify you used the same algorithm |
Frequently asked questions
What is the difference between hashing and encryption?
Hashing is one-way (you can’t decrypt it). Encryption is reversible with a key. Hashes are used for integrity checks; encryption is used for confidentiality.
What is a checksum and how is it used?
A checksum is a hash published by a vendor so you can verify a download hasn’t changed. You compute the hash locally and compare it to the expected value.
Which algorithm should I use for file verification?
Use SHA-256 by default. SHA-512 is fine too. Avoid MD5/SHA-1 for security decisions.
Why is MD5 considered insecure?
MD5 has known collision attacks, so it’s not suitable for security-sensitive scenarios. It’s still seen for legacy checksums and non-security deduping.
Why do two tools produce different hashes for the same text?
Usually because of hidden characters (newlines/spaces), different encodings (UTF-8 vs ASCII), or different newline normalization (LF vs CRLF).
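The mismatch causes named in the troubleshooting table and in this answer can be checked mechanically. The following is an added example, not part of the original page or the tool's own code: it hashes common byte-level variants of a text and reports which one reproduces the digest another tool gave. The names `byte_variants` and `explain_mismatch` and the choice of variants are assumptions made for illustration.

```python
import hashlib


def byte_variants(text):
    """Yield (label, bytes) for common ways the "same" text becomes different bytes."""
    lf = text.replace("\r\n", "\n")
    yield "as given, UTF-8", text.encode("utf-8")
    yield "trailing LF appended", (text + "\n").encode("utf-8")
    yield "trailing CRLF appended", (text + "\r\n").encode("utf-8")
    yield "surrounding whitespace trimmed", text.strip().encode("utf-8")
    yield "newlines normalized to LF", lf.encode("utf-8")
    yield "newlines normalized to CRLF", lf.replace("\n", "\r\n").encode("utf-8")
    yield "UTF-8 with BOM", text.encode("utf-8-sig")
    yield "UTF-16LE", text.encode("utf-16-le")


def explain_mismatch(text, other_hex, algorithm="sha256"):
    """Return labels of the variants of `text` whose digest equals `other_hex`."""
    other = other_hex.strip().lower()
    seen, matches = set(), []
    for label, data in byte_variants(text):
        if data in seen:  # several variants can yield identical bytes
            continue
        seen.add(data)
        if hashlib.new(algorithm, data).hexdigest() == other:
            matches.append(label)
    return matches


if __name__ == "__main__":
    # Constructed sample: the digest another tool would report for "hello" plus a newline.
    other = hashlib.sha256(b"hello\n").hexdigest()
    print(explain_mismatch("hello", other))
```

An empty result means none of these variants explains the difference, so the two inputs differ in content rather than in whitespace or encoding.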
What is HMAC and when should I use it?
HMAC combines a secret key with a hash algorithm to authenticate messages. Use HMAC (like HMAC-SHA256) when you need integrity + authenticity, not plain hashes.
Can SHA-256 be reversed?
No. SHA-256 is designed to be one-way. You can’t recover the original input from the hash.
Why shouldn’t I store passwords as SHA-256?
Fast hashes are vulnerable to brute force. Use a password hashing function like Argon2 or bcrypt with per-user salts instead.
How do I verify a downloaded file checksum?
Hash the file bytes (not the filename), then compare the result to the checksum from the publisher. If it matches, the file is unchanged.
Can I hash large files online?
Yes, but very large files can hit browser memory limits. For huge files, use native tools (sha256sum, certutil, openssl) for best performance.