PK Systems
EN PT ES
Encoders & decoders

Hash Generator

Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes from text or files. Runs entirely in your browser.

Hash Generator

Computed hashes

    What is a cryptographic hash?

    A cryptographic hash is a fixed-length fingerprint computed from arbitrary input. The same input always produces the same hash, but even a one-bit change rewrites the output completely. Hashes are one-way — you cannot recover the original data from the digest. They power file integrity checks, version IDs (Git uses SHA-1/SHA-256), digital signatures and content addressing. SHA-256 onwards are the modern, widely-trusted choice; MD5 and SHA-1 still appear in legacy systems but should not be used for security.

    How to use this tool

    Pick Text and type or paste any string — every supported algorithm updates instantly. Switch to File to drop in a binary (image, archive, installer, anything) and verify its checksum against a published value. Tap any Copy button to grab the hex digest. Everything runs locally with the browser's Web Crypto API; the file never leaves your device, even for very large inputs.

    Hashes are not for password storage

    A bare MD5, SHA-1, or SHA-256 of a password is dangerously fast to brute-force. If you're hashing passwords server-side, use a slow, salted password-hashing function — Argon2id, scrypt, or bcrypt — never a raw cryptographic hash. This tool is for integrity checks, content fingerprints and learning, not for protecting credentials.

    Algorithm reference

    Output length and recommended use for each supported algorithm.

    Algorithm Output (bits / hex chars) Recommended use
    MD5128 / 32Legacy checksums only — broken for security.
    SHA-1160 / 40Git compat, legacy systems — avoid for new work.
    SHA-256256 / 64Modern default for integrity & signatures.
    SHA-384384 / 96SHA-512 internals, shorter output.
    SHA-512512 / 128Strongest of the family; faster on 64-bit CPUs.

    Frequently asked questions

    Are my files or text uploaded anywhere?
    No. Hashing happens locally with crypto.subtle.digest for SHA-* and an inline implementation for MD5. You can verify by opening DevTools > Network and dragging in a file — no requests are made. The page works offline once it has loaded.
    Why is MD5 still listed if it's broken?
    MD5 is broken for security purposes (collisions can be crafted), but it's still useful as a fast checksum to detect accidental corruption — and lots of legacy systems, mirrors and CDNs still publish MD5 sums. Knowing how to compute it remains practical.
    Can I verify a download with this tool?
    Yes. Download the file, drop it into the file box, then compare the resulting digest against the SHA-256 (or whichever) value published by the project. If they match, the file is bit-for-bit identical to what was published.
    Is there a limit on file size?
    Practically, only your machine's RAM and patience. The file is read into an ArrayBuffer and hashed in a single pass; multi-gigabyte files work, but the browser will hold the whole buffer in memory. For very large files, a desktop tool like sha256sum may be quicker.
    Why does the same text give a different hash on another site?
    Almost always a trailing newline or different character encoding. We hash the exact UTF-8 bytes of what you typed — no implicit newline appended. Some CLI tools pipe text with a trailing \n via echo; pipe with printf %%s or strip the newline to match.
    Which algorithm should I use?
    For new work, prefer SHA-256 (or SHA-512 on 64-bit systems where it's actually faster). SHA-384 is useful when you want SHA-512 internals but a shorter output. Use SHA-1 only to interoperate with legacy systems (Git, old TLS) and MD5 only as a quick non-security checksum.
    Base64 Image Encoder & Decoder Text List Transformer Sleep Cycle Calculator Island Name Generator Slug Generator Compound Interest Calculator