Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Hash Generator
Hashing transforms any input into a fixed-length string that acts as a unique fingerprint for that data.
This hash generator produces MD5, SHA-1, SHA-256, and SHA-512 hashes from any text input instantly. Paste your text, select the algorithm, and get the hash value ready to copy.
Developers use hash functions for file integrity verification, password storage, data deduplication, digital signatures, and caching. When you download software, the publisher provides a SHA-256 hash so you can verify the download was not corrupted or tampered with. When a website stores your password, it stores a hash rather than the plain text. When a CDN determines if cached content is still fresh, it compares content hashes.
This tool generates hashes in your browser with no data sent to any server. Enter your text, see all supported hash outputs simultaneously, and copy the one you need. For comparing two values, paste both and see whether they produce matching hashes.
What Is a Hash Function
A cryptographic hash function takes an input of any size and produces a fixed-length output (the hash, also called a digest or checksum). The function has several critical properties.
Deterministic. The same input always produces the same hash. "Hello" will always produce the same SHA-256 hash regardless of when, where, or how many times you hash it.
Fixed output length. Regardless of input size, the output length is always the same for a given algorithm. SHA-256 always produces a 256-bit (64-character hexadecimal) output whether the input is one character or one gigabyte.
One-way function. It is computationally infeasible to reverse a hash to find the original input. Given a SHA-256 hash, there is no mathematical shortcut to determine what input produced it. The only approach is brute force: trying inputs until one matches.
Avalanche effect. A tiny change in the input produces a drastically different hash. Changing a single character in the input typically changes more than half of the output bits. This means similar inputs produce completely unrelated hashes.
Collision resistance. It is computationally infeasible to find two different inputs that produce the same hash. For strong algorithms like SHA-256, the probability of a random collision is astronomically small.
Supported Hash Algorithms
MD5 (Message Digest Algorithm 5). Produces a 128-bit (32-character hex) hash. MD5 was widely used for decades but is now considered cryptographically broken. Collision attacks against MD5 have been demonstrated since 2004, meaning attackers can create two different inputs that produce the same MD5 hash. MD5 should not be used for security purposes like digital signatures or certificate validation. It remains acceptable for non-security uses like checksums for data integrity verification and cache key generation where deliberate collision attacks are not a concern.
SHA-1 (Secure Hash Algorithm 1). Produces a 160-bit (40-character hex) hash. SHA-1 was the standard for many years but was deprecated for security applications after collision attacks were demonstrated in 2017. Major browsers stopped accepting SHA-1 SSL certificates in 2017. Like MD5, SHA-1 is acceptable for non-security checksums but should not be used where collision resistance is required.
SHA-256 (SHA-2 family). Produces a 256-bit (64-character hex) hash. SHA-256 is the current industry standard for most cryptographic applications. It is used in SSL/TLS certificates, Bitcoin mining, code signing, and password hashing. No practical collision attacks against SHA-256 have been demonstrated. SHA-256 is the recommended choice for most new development.
SHA-512 (SHA-2 family). Produces a 512-bit (128-character hex) hash. SHA-512 offers a larger output space than SHA-256, providing an even higher theoretical security margin. It is faster than SHA-256 on 64-bit processors because it operates on 64-bit words natively. SHA-512 is used in high-security applications and some password hashing schemes.
Common Uses for Hash Functions
File integrity verification. Software publishers provide hash values alongside downloads. After downloading, you generate a hash of the downloaded file and compare it to the published hash. If they match, the file is intact and unaltered. This detects both transmission corruption and deliberate tampering.
Password storage. Responsible applications never store passwords in plain text. Instead, they store a hash of the password. When you log in, the system hashes your input and compares it to the stored hash. If they match, the password is correct. This means even if the database is compromised, the actual passwords are not exposed. Modern password hashing uses specialized algorithms like bcrypt, scrypt, or Argon2 that add salting and deliberate slowness to resist brute-force attacks. Standard hash functions like SHA-256 alone are too fast for password hashing and should be combined with proper password hashing algorithms.
Data deduplication. Storage systems use hashes to identify duplicate data. Rather than comparing files byte by byte, they compare hash values. Identical hashes indicate identical files with extremely high probability. Cloud storage, backup systems, and content-addressable storage all rely on this technique.
Digital signatures. Digital signature schemes hash the document first, then encrypt the hash with the signer’s private key. The recipient decrypts the signature with the signer’s public key and compares the result to their own hash of the document. Matching hashes prove that the document was signed by the claimed sender and has not been modified.
Cache validation. Web caches use content hashes (ETags) to determine if a cached resource is still current. The server generates a hash of the content. On subsequent requests, the client sends the hash. If the server’s current hash matches, the cached version is still valid, and no data transfer is needed.
Blockchain and cryptocurrency. Blockchain technology is built on hash functions. Each block contains the hash of the previous block, creating an immutable chain. Bitcoin mining involves finding inputs that produce SHA-256 hashes with a specific number of leading zeros.
Hashing Is Not Encryption
Hashing and encryption are fundamentally different operations, and confusing them is a common and potentially dangerous mistake.
Hashing is one-way. There is no key, and there is no way to reverse a hash to recover the original input. A hash is a fingerprint, not a locked box.
Encryption is two-way. Encryption transforms data using a key, and the original data can be recovered using the corresponding key. Encryption is a locked box.
If you need to store data and retrieve it later, use encryption. If you need to verify data without revealing it (like passwords), use hashing. Never use hashing when you need to recover the original data, and never use encryption where a one-way transformation is sufficient.
For encoding operations that are reversible but not security-related, see our Base64 Encoder/Decoder. For generating secure passwords that resist hash cracking, see our Password Generator.
Comparing Hash Values
A common workflow is comparing two hash values to verify integrity. To check if a downloaded file matches the publisher’s hash, generate the hash of your file and compare it character by character against the published value. Even a single character difference means the hashes do not match and the files are different.
Hash comparison should always be case-insensitive (a and A represent the same hexadecimal digit) but otherwise exact. When comparing programmatically, use constant-time comparison functions to prevent timing attacks that could leak information about which characters differ. For related tools, see our JSON Formatter for formatting hash comparison data and our Regex Tester for validating hash format patterns.
Frequently Asked Questions
What is a hash function?
A hash function takes any input and produces a fixed-length output string that serves as a unique fingerprint. The same input always produces the same hash. It is computationally infeasible to reverse a hash to find the original input.
Which hash algorithm should I use?
SHA-256 is the recommended choice for most applications. It is the current industry standard with no known practical attacks. Use SHA-512 for extra security margin. Avoid MD5 and SHA-1 for security-critical applications.
Is MD5 still safe to use?
MD5 is cryptographically broken for security purposes since collision attacks were demonstrated in 2004. It should not be used for digital signatures, certificates, or any context where collision resistance matters. It remains acceptable for non-security checksums.
Can you reverse a hash to get the original text?
No. Hash functions are one-way by design. There is no mathematical method to reverse a hash. The only approach is brute force, which is computationally infeasible for strong algorithms with sufficiently long inputs.
What is the difference between hashing and encryption?
Hashing is a one-way function that produces a fixed-size fingerprint. Encryption is a two-way function that uses a key to transform and later recover data. Use hashing for verification. Use encryption for confidentiality.
Why do different hash algorithms produce different length outputs?
Each algorithm is designed with a specific output size. MD5 produces 128 bits (32 hex characters), SHA-1 produces 160 bits (40 hex characters), SHA-256 produces 256 bits (64 hex characters), and SHA-512 produces 512 bits (128 hex characters). Larger outputs provide more collision resistance.
What is a hash collision?
A collision occurs when two different inputs produce the same hash output. For strong algorithms like SHA-256, the probability of a random collision is approximately 1 in 2 to the 128th power, making it effectively impossible.
How are hashes used for password storage?
Applications store a hash of your password instead of the password itself. When you log in, your input is hashed and compared to the stored hash. Modern password storage uses specialized algorithms like bcrypt that add salting and deliberate slowness.
Data accurate as of: March 2026