Dev Tools Dev Hash Generator (MD5, SHA256)
100% client-side · No signup · Free forever

Hash Generator (SHA-256, SHA-512, SHA-1)

Generate cryptographic hashes from any text using the Web Crypto API.

1
Dev tool
Hash Generator (MD5, SHA256)
Live
Input text
Hash results

A cryptographic hash generator produces a fixed-length fingerprint of any input data. The same input always produces the same hash; a single bit changed in the input produces a wildly different hash; and it's computationally infeasible to find two inputs with the same hash (collision resistance) or to recover the input from the hash (preimage resistance). This generator produces SHA-256, SHA-512, and SHA-1 hashes using the browser's native Web Crypto API — the same implementations used in TLS, Git, Bitcoin, and the SubResource Integrity attribute on <script> tags.

How Cryptographic Hashing Works

Hash functions like SHA-256 take input of any size and run it through a series of bitwise operations (rotations, XORs, modular additions) organized into rounds, producing a fixed-size output digest (256 bits = 64 hex characters for SHA-256, 512 bits = 128 hex chars for SHA-512). This tool uses crypto.subtle.digest(), which is implemented in C/Rust inside the browser engine and hardware-accelerated on modern CPUs (Intel SHA-NI, ARM Crypto Extensions). Hashing a 1 MB input takes single-digit milliseconds.

When to Generate a Hash

  • File integrity verification — compare a downloaded file's hash to the publisher's published hash to detect corruption or tampering.
  • Password storage — never store plaintext passwords; hash with bcrypt, argon2, or scrypt (NOT plain SHA — those are too fast for password hashing).
  • Cache keys — hash a complex object to produce a deterministic cache key.
  • Content-addressable storage — Git, IPFS, Bitcoin all use content hashes as identifiers.
  • HMAC / API request signing — AWS Signature v4, GitHub webhooks, Stripe webhooks all use HMAC-SHA256.
  • SubResource Integrity<script src="..." integrity="sha384-..."> ensures CDN content hasn't been tampered with.

Hash Generation in Code

// Browser (Web Crypto)
async function sha256(text) {
  const data = new TextEncoder().encode(text);
  const buf = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(buf))
    .map(b => b.toString(16).padStart(2, '0')).join('');
}

// Node.js
const crypto = require('crypto');
const hash = crypto.createHash('sha256').update(text).digest('hex');

// CLI
echo -n 'hello' | sha256sum       // Linux
echo -n 'hello' | shasum -a 256   // macOS

Why No MD5?

This generator does not produce MD5 hashes. The Web Crypto API doesn't expose MD5 because MD5 is cryptographically broken — in 2004 researchers demonstrated practical collision attacks, and by 2008 collisions could be generated in seconds. SHA-1 is also weakened (the 2017 SHAttered attack produced the first practical SHA-1 collision) but still widely used in Git and legacy systems. For new code, default to SHA-256; for higher security margins, SHA-512 or SHA-3. For password hashing specifically, use a slow KDF like argon2id, bcrypt, or scrypt — raw SHA hashes are too fast and enable GPU-based brute-force attacks.

Frequently Asked Questions

Everything you need to know about the Hash Generator (MD5, SHA256).

Why is MD5 not listed?

Web Crypto does not expose MD5 because it is cryptographically broken. We support SHA-1, SHA-256 and SHA-512 which are the modern standards.