A cryptographic hash generator produces a fixed-length fingerprint of any input data. The same input always produces the same hash; a single bit changed in the input produces a wildly different hash; and it's computationally infeasible to find two inputs with the same hash (collision resistance) or to recover the input from the hash (preimage resistance). This generator produces SHA-256, SHA-512, and SHA-1 hashes using the browser's native Web Crypto API — the same implementations used in TLS, Git, Bitcoin, and the SubResource Integrity attribute on <script> tags.
How Cryptographic Hashing Works
Hash functions like SHA-256 take input of any size and run it through a series of bitwise operations (rotations, XORs, modular additions) organized into rounds, producing a fixed-size output digest (256 bits = 64 hex characters for SHA-256, 512 bits = 128 hex chars for SHA-512). This tool uses crypto.subtle.digest(), which is implemented in C/Rust inside the browser engine and hardware-accelerated on modern CPUs (Intel SHA-NI, ARM Crypto Extensions). Hashing a 1 MB input takes single-digit milliseconds.
When to Generate a Hash
- File integrity verification — compare a downloaded file's hash to the publisher's published hash to detect corruption or tampering.
- Password storage — never store plaintext passwords; hash with bcrypt, argon2, or scrypt (NOT plain SHA — those are too fast for password hashing).
- Cache keys — hash a complex object to produce a deterministic cache key.
- Content-addressable storage — Git, IPFS, Bitcoin all use content hashes as identifiers.
- HMAC / API request signing — AWS Signature v4, GitHub webhooks, Stripe webhooks all use HMAC-SHA256.
- SubResource Integrity —
<script src="..." integrity="sha384-..."> ensures CDN content hasn't been tampered with.
Hash Generation in Code
// Browser (Web Crypto)
async function sha256(text) {
const data = new TextEncoder().encode(text);
const buf = await crypto.subtle.digest('SHA-256', data);
return Array.from(new Uint8Array(buf))
.map(b => b.toString(16).padStart(2, '0')).join('');
}
// Node.js
const crypto = require('crypto');
const hash = crypto.createHash('sha256').update(text).digest('hex');
// CLI
echo -n 'hello' | sha256sum // Linux
echo -n 'hello' | shasum -a 256 // macOS
Why No MD5?
This generator does not produce MD5 hashes. The Web Crypto API doesn't expose MD5 because MD5 is cryptographically broken — in 2004 researchers demonstrated practical collision attacks, and by 2008 collisions could be generated in seconds. SHA-1 is also weakened (the 2017 SHAttered attack produced the first practical SHA-1 collision) but still widely used in Git and legacy systems. For new code, default to SHA-256; for higher security margins, SHA-512 or SHA-3. For password hashing specifically, use a slow KDF like argon2id, bcrypt, or scrypt — raw SHA hashes are too fast and enable GPU-based brute-force attacks.