Hash Generator
Generate MD5, SHA-1, SHA-256 hashes. All in your browser.
Try it with this example
Type "password123" and choose MD5 or SHA-256 to see the hash. Same input always gives the same hash.
What is this tool?
A hash function takes input of any size and produces a fixed-length output called a hash or digest. The same input always yields the same hash; a tiny change in the input produces a completely different hash. That makes hashes ideal for checksums, verifying file integrity, and creating compact fingerprints of data. This Hash Generator creates MD5, SHA-1, and SHA-256 hashes from text—all in your browser, with no data sent to any server.
Type or paste your text and select the hash algorithm. MD5 produces a 32-character hex string; SHA-1 produces 40 characters; SHA-256 produces 64. Use MD5 for non-security purposes like cache keys or simple checksums. For anything security-related—password verification, API signatures, certificate fingerprints—use SHA-256. MD5 and SHA-1 are considered cryptographically broken for collision resistance, meaning an attacker could theoretically find two inputs with the same hash. SHA-256 has no known practical attacks and is the current standard.
Developers use hashes for many tasks. When downloading a file, you compare its hash to the published value to ensure the file wasn't corrupted or tampered with. Package managers and installers often provide SHA-256 checksums for verification. In APIs, HMAC uses a hash (typically SHA-256) with a secret key to sign requests, so the recipient can verify the request came from a legitimate source. Password storage should never use plain MD5 or SHA-256 alone; use bcrypt, Argon2, or PBKDF2. This tool is for general-purpose hashing of text, not for password hashing.
The tool processes input as UTF-8 text. So " café" (with an accent) and "cafe" (without) produce different hashes. That matters when you're hashing strings for cache keys or deduplication: encoding and normalization must match between systems. For file hashing, you'd typically use a command-line tool like sha256sum; this tool is best for hashing strings, API payloads, or configuration snippets.
Because everything runs client-side, your data never leaves your device. That's important when hashing sensitive strings. You can hash passwords here to compare against stored hashes during debugging—but again, never store passwords as plain MD5 or SHA. This tool is fast, simple, and always available. Keep it bookmarked for quick checksums and hashes whenever you need them.