HomeHash Generator

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-512, CRC32 hashes — text or file, 100% in your browser

Hash Comparison

Verify if two hashes match (e.g. verify a downloaded file)

Supported Algorithms

  • MD5 (128-bit)
  • SHA-1 (160-bit)
  • SHA-256 (256-bit)
  • SHA-384 (384-bit)
  • SHA-512 (512-bit)
  • CRC32
  • HMAC variants
  • Base64 encode/decode

Related Tools

Password Generator Text Encrypt UUID Generator

Free Cryptographic Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512 and CRC32 hashes for any text or file directly in your browser. Uses the native Web Crypto API for SHA algorithms, ensuring maximum performance and security. Essential for developers verifying data integrity and security professionals.

Features

6 Hash Algorithms

MD5, SHA-1, SHA-256, SHA-384, SHA-512 and CRC32 — all the most-used hashing algorithms.

File Hashing

Drag and drop any file to generate its hash for integrity verification.

HMAC Support

Generate HMAC signatures using SHA-256, SHA-384 and SHA-512 with a secret key.

Hash Comparison

Paste two hashes side-by-side to instantly verify if they match.

One-Click Copy

Copy individual hashes or all results at once with a single click.

No Upload

All hashing is performed locally. Your sensitive data never touches a server.

Who Uses This Tool?

DevelopersVerify file downloads by comparing SHA-256 hashes with official checksums.
Security ProfessionalsGenerate password hashes for storage and test hash collision resistance.
Database AdministratorsHash sensitive data before storage to protect against data breaches.
Forensic AnalystsGenerate file fingerprints to detect tampering and verify chain of custody.

Frequently Asked Questions

Which hash algorithm should I use?
For security-sensitive applications, use SHA-256 or SHA-512. MD5 and SHA-1 are considered cryptographically broken and should only be used for checksums, not security. CRC32 is for error-detection only.
What is the difference between a hash and encryption?
A hash is one-way — you cannot reverse it to get the original data. Encryption is two-way — it can be decrypted with the correct key. Use hashing to verify integrity, encryption to protect confidentiality.
What is HMAC used for?
HMAC (Hash-based Message Authentication Code) combines a hash with a secret key to verify both data integrity and authenticity. It is used in API authentication, JWT tokens and webhook verification.
Why do different algorithms produce different length outputs?
Each algorithm produces a fixed-length output: MD5=128 bits (32 hex chars), SHA-256=256 bits (64 hex chars), SHA-512=512 bits (128 hex chars). Longer outputs are harder to crack.

Pro Tip

Always use SHA-256 or higher when verifying downloaded software. The official download page will list the expected hash — if your computed hash doesn't match exactly, do not install the file as it may have been tampered with.

Did You Know?

2^256
SHA-256 Possible Outputs
SHA-256 can produce 2^256 different hash values — a number larger than the estimated number of atoms in the observable universe. This makes collisions practically impossible.
1996
MD5 Was Broken
MD5 was shown to have collision vulnerabilities in 1996 and fully broken in 2004. Yet it still appears in millions of systems today — only use it for checksums, never for security.
Every Block
Bitcoin Uses SHA-256
Bitcoin's proof-of-work system uses SHA-256 to hash every block. The entire network performs trillions of SHA-256 computations per second, making it the most computed hash function in history.

Algorithm Comparison

AlgorithmOutput LengthSpeedSecurity StatusUse For
MD5128 bit / 32 hexFastest❌ BrokenChecksums only
SHA-1160 bit / 40 hexFast❌ WeakLegacy only
SHA-256256 bit / 64 hexGood✅ SecureGeneral security
SHA-512512 bit / 128 hexSlower✅ Very secureHigh-value data
CRC3232 bit / 8 hexFastest⚠️ Error detectionFile checksums
HMAC-SHA256256 bit / 64 hexGood✅ Secure + keyedAPI auth, webhooks

More Questions

Can two different inputs produce the same hash (collision)?
Theoretically yes — this is called a hash collision. In practice, for SHA-256 and SHA-512, no collision has ever been found. MD5 and SHA-1 have known collision attacks, which is why they should not be used for security purposes. For SHA-256, finding a collision would require more energy than currently exists on Earth.
What is salting and why is it important for passwords?
A salt is a random string added to a password before hashing, stored alongside the hash. Without salting, identical passwords produce identical hashes — exposing them to rainbow table attacks. With salting, even identical passwords have completely different hashes. Never store passwords as plain MD5 or SHA hashes without salting.
How do I verify a downloaded file's integrity using a hash?
Download the file and its published SHA-256 hash from the official source. Use our Hash Generator (File mode) to compute the file's SHA-256. If your computed hash matches the published hash exactly (character for character), the file is authentic and unmodified. Even one character difference means the file was corrupted or tampered with.

Common Mistakes

Using MD5 for password hashing
MD5 is cryptographically broken. A modern GPU can crack millions of MD5 hashes per second using rainbow tables.
Use bcrypt, scrypt or Argon2 — algorithms designed specifically for passwords.
Comparing hashes with == instead of constant-time comparison
Regular string comparison short-circuits on the first different character, enabling timing attacks.
Use crypto.timingSafeEqual() or equivalent in your language.
Thinking the same hash always means the same content
Hash collisions exist in MD5 and SHA-1. Two crafted files can have the same MD5 hash but completely different content.
Use SHA-256 or higher for any security-sensitive integrity checking.