What is a Hash?
A cryptographic hash is a fixed-length string produced by running data through a mathematical function. The same input always produces the same output, but even a tiny change to the input produces a completely different hash. Hash functions are also one-way — you can’t reverse a hash to get back the original input.
Hashes are used to verify data integrity, store passwords securely, create digital signatures, and generate unique identifiers for files and content.
Hash Algorithms
- MD5: Produces a 32-character hash. Fast but no longer considered secure for cryptographic purposes. Still widely used for checksums and non-security file verification.
- SHA-1: Produces a 40-character hash. Stronger than MD5 but also deprecated for security use.
- SHA-256: Part of the SHA-2 family, produces a 64-character hash. The current standard for most security applications.
- SHA-512: Produces a 128-character hash. Offers stronger security than SHA-256 at the cost of a larger output.
How to Use This Tool
- Type or paste text into the input area, or drop a file onto it to load its contents.
- Hashes for all four algorithms are computed and displayed instantly.
- Pick the output format — hex (lowercase), HEX (uppercase), or base64 — depending on what your downstream consumer expects.
- Copy any hash with the copy button next to it.
Common Use Cases
- Verifying file integrity: Compare a file’s SHA-256 hash against the published checksum to confirm it wasn’t corrupted or tampered with.
- Checksums: Generate MD5 checksums for quick file comparison.
- Understanding hashing: See how different algorithms produce different-length outputs from the same input.
- Testing hash functions: Check how your input’s hash changes when you modify the text.
Frequently Asked Questions
Can I use MD5 to store passwords?
No. MD5 and SHA-1 are considered cryptographically broken and should not be used for passwords. Use a dedicated password-hashing function like bcrypt, Argon2, or scrypt instead.
Why does the same text always produce the same hash?
That’s by design — hashing is deterministic. This property is what makes hashes useful for verification: you can re-hash something later and compare.
Is my data private?
Yes. All hashing runs locally in your browser using the Web Crypto API. Nothing is sent to a server.
When do I need uppercase hex or base64 output?
Different systems expect different conventions: Git and most CLI tools use lowercase hex; some Windows tools and protocol specs use uppercase HEX; HTTP Authorization: Basic headers, JWT signatures, and many APIs expect base64. Pick the format your consumer wants — the underlying digest is identical.