Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 cryptographic hashes. Compare hash values for data integrity verification.
Hash Algorithm Guide
- SHA-256 (Recommended)
- Industry standard for security, file integrity, and blockchain. Use this unless you have specific requirements.
- MD5 / SHA-1
- Legacy algorithms with known vulnerabilities. Only use for non-security purposes like checksums or cache keys.
- SHA-384 / SHA-512
- Higher security variants. Use when SHA-256 isn't sufficient or when working with 64-bit systems.
What is a hash?
A cryptographic hash function takes input data of any size and produces a fixed-size output (the hash or digest). The same input always produces the same hash, but even a tiny change to the input produces a completely different hash.
"hello" → SHA-256 → 2cf24dba5fb0a30e...
"hello." → SHA-256 → b26c30e2e9c8e9d4...Hash algorithms compared
| Algorithm | Output Size | Security | Use Case |
|---|---|---|---|
| MD5 | 128 bits (32 hex chars) | Broken | Checksums only |
| SHA-1 | 160 bits (40 hex chars) | Weak | Legacy systems |
| SHA-256 | 256 bits (64 hex chars) | Strong | General purpose |
| SHA-384 | 384 bits (96 hex chars) | Strong | High security |
| SHA-512 | 512 bits (128 hex chars) | Strong | Maximum security |
SHA-256 is recommended for most purposes. It offers a good balance of security and performance.
Common uses for hashes
Data integrity - Verify files weren’t corrupted or tampered with:
sha256sum ubuntu.iso
# Compare with published hashPassword storage - Store hashes instead of plaintext passwords (use bcrypt or Argon2, not raw SHA):
// Never store passwords directly
// Use proper password hashing like bcryptDigital signatures - Sign a hash of the document rather than the entire document.
Deduplication - Identify duplicate files by comparing hashes.
Git commits - Git uses SHA-1 to identify commits:
commit a1b2c3d4e5f6...MD5 and SHA-1: why they’re insecure
MD5 and SHA-1 are cryptographically broken. Attackers can create different inputs that produce the same hash (collision attacks).
MD5 was broken in 2004. It should only be used for non-security purposes like checksums.
SHA-1 was broken in 2017 (the “SHAttered” attack). Google and others have phased it out.
Use SHA-256 or stronger for anything security-related.
Hashing vs encryption
Hashing is one-way - you cannot recover the original data from a hash. Encryption is two-way - you can decrypt ciphertext back to plaintext with the key.
| Hashing | Encryption |
|---|---|
| One-way | Two-way |
| Fixed output size | Output size varies |
| No key needed | Requires key |
| For integrity | For confidentiality |
Salting hashes
For password hashing, always use a unique random salt for each password. This prevents attackers from using precomputed tables (rainbow tables):
// Without salt - vulnerable to rainbow tables
hash("password123") // Always same hash
// With salt - unique per user
hash("password123" + "random_salt_xyz") // Different hashModern password hashing algorithms like bcrypt and Argon2 handle salting automatically.
How this tool works
Enter text to generate hashes using multiple algorithms simultaneously. The tool uses the Web Crypto API for SHA variants and a JavaScript implementation for MD5 (since Web Crypto doesn’t support MD5). Powered by a QuantCDN Edge Function.