{ sniptools }
Encoding

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text

What is Hash?

A cryptographic hash function is a mathematical algorithm that takes an input of any size — a single character, a paragraph of text, an entire file — and produces a fixed-length output called a hash, digest, or checksum. The output is deterministic (the same input always produces the same hash), uniformly distributed (similar inputs produce wildly different hashes), and practically irreversible (you cannot reconstruct the input from the hash). These properties make hash functions foundational to software integrity verification, data deduplication, digital signatures, and content addressing.

The most widely used hash families in software development are MD5 (128-bit output), SHA-1 (160-bit), and the SHA-2 family which includes SHA-256 (256-bit) and SHA-512 (512-bit). MD5 and SHA-1 were once standards for security-critical applications but have been broken — researchers have demonstrated practical collision attacks where two different inputs produce the same hash. SHA-256 and SHA-512 remain secure against all known attacks and are the recommended choices for any application where hash integrity matters.

Developers encounter hash values constantly: verifying downloaded file integrity by comparing checksums, computing ETags for HTTP cache validation, generating content-based cache keys, verifying webhook signatures from services like GitHub or Stripe, and creating fingerprints for deduplication. This tool computes hashes instantly in the browser, making it easy to generate and compare digests without dropping into a terminal.

How it works

Hash functions operate by processing input data through a series of mathematical transformations organized in rounds. The input is first padded to a specific block size (512 bits for MD5/SHA-1/SHA-256, 1024 bits for SHA-512) and split into blocks. Each block is processed sequentially, updating an internal state through bitwise operations — rotations, shifts, XORs, and modular additions — mixed with round-specific constants derived from mathematical sequences.

SHA-256, for example, initializes eight 32-bit state variables to specific fractional values derived from the square roots of the first eight primes. Each 512-bit input block is expanded into sixty-four 32-bit words, and 64 rounds of compression transform the state using these words along with constants derived from the cube roots of the first 64 primes. The final state after all blocks are processed is concatenated to form the 256-bit hash output. This cascading dependency on every input bit is what causes even a single bit change in the input to completely change the output — a property called the avalanche effect.

In this tool, SHA-1, SHA-256, and SHA-512 are computed using the browser's native Web Crypto API (SubtleCrypto.digest()), which delegates to highly optimized platform implementations — often hardware-accelerated on modern CPUs that include SHA instruction extensions. MD5 is computed via a JavaScript implementation since the Web Crypto API deliberately excludes it due to its broken security status. The input text is first converted to UTF-8 bytes using TextEncoder before being passed to the hash function.

How to use this tool

  1. Type or paste the text you want to hash into the input field. The tool computes hashes from all supported algorithms simultaneously as you type.
  2. Review the hash outputs displayed for each algorithm: MD5, SHA-1, SHA-256, and SHA-512. Each hash is shown as a hexadecimal string.
  3. Click the copy button next to any hash to copy it to your clipboard for use in checksum comparisons, configuration files, or API integrations.
  4. To verify a file download, compute the hash of the file contents and compare it character by character against the hash published by the distributor. Even a single character difference means the content does not match.
  5. When comparing two hashes, note that hash comparison is case-insensitive — "a3f2" and "A3F2" represent the same value. However, the input text is case-sensitive — "Hello" and "hello" produce completely different hashes.

Examples

Verifying a downloaded file's integrity

A software distributor publishes a SHA-256 checksum alongside the download. Paste the file contents (or use the command-line sha256sum for binary files) to compute the hash, then compare it against the published value. If they match, the file has not been corrupted or tampered with during transfer.

Computing a webhook signature for API development

Services like GitHub, Stripe, and Slack sign webhook payloads using HMAC-SHA256. During development, you can hash the expected payload body to understand the digest format and length. While this tool computes plain hashes (not HMAC), it helps familiarize you with the hex-encoded output format you will compare against in your verification code.

Generating a cache-busting fingerprint

Hash the contents of a static asset (CSS, JavaScript, JSON configuration) to create a unique fingerprint like style.a3f2b1c4.css. Any change to the file content produces a different hash, ensuring browsers fetch the new version instead of serving a stale cached copy.

Creating a content-addressable storage key

In systems like Git, Docker, or IPFS, objects are stored and retrieved by the SHA-256 hash of their content. Paste content into the tool to see its content address — the hash that uniquely identifies that exact content. Two identical files anywhere in the system produce the same hash and are stored only once.

About this tool

Enter any text and instantly compute cryptographic hashes using MD5, SHA-1, SHA-256, and SHA-512 algorithms. All hashing runs client-side using the Web Crypto API — your data never leaves your browser.

Common use cases

  • Generating checksums to verify file integrity after downloads or transfers
  • Creating SHA-256 hashes for content-addressable storage or cache busting
  • Computing hashes for webhook signature verification during API development
  • Comparing MD5 or SHA hashes provided by software distributors to verify authenticity

Frequently asked questions

Which hashing algorithms are available?
The tool supports MD5 (128-bit), SHA-1 (160-bit), SHA-256 (256-bit), and SHA-512 (512-bit). All algorithms run client-side using the Web Crypto API for SHA variants and a JavaScript implementation for MD5.
Is MD5 still safe to use?
MD5 is considered cryptographically broken and should not be used for security purposes (like password hashing or digital signatures). It is still commonly used for checksums, cache keys, and non-security data integrity checks.
Can I hash files with this tool?
Currently the tool hashes text input. To hash a file, you can paste its contents into the text field. For binary file hashing, consider using the sha256sum command-line tool.
What is the difference between hashing and encryption?
Hashing is a one-way function: it produces a fixed-size digest from any input, and there is no mathematical way to reverse it back to the original data. Encryption is a two-way function: data is transformed using a key and can be decrypted back to the original using the same key (symmetric) or a paired key (asymmetric). Use hashing for integrity verification and password storage; use encryption when you need to recover the original data.
Why do different inputs sometimes produce the same hash (collisions)?
Since a hash function maps an infinite set of possible inputs to a finite set of fixed-length outputs, collisions are mathematically inevitable. The security of a hash function depends on how hard it is to deliberately find a collision. MD5 collisions can be generated in seconds on a laptop, SHA-1 collisions have been demonstrated (SHAttered attack, 2017), but no practical collision attacks exist for SHA-256 or SHA-512, making them the recommended choices for security applications.
Should I use hashing for storing passwords?
Plain cryptographic hashes (even SHA-256) should not be used directly for password storage because they are too fast — an attacker can test billions of guesses per second. Instead, use a dedicated password hashing algorithm like bcrypt, scrypt, or Argon2, which are intentionally slow and include salting to prevent rainbow table attacks. The hashes generated by this tool are meant for checksums, integrity verification, and general-purpose hashing — not password storage.