Hash Generator
Generate cryptographic hashes (SHA-256, SHA-384, SHA-512) and legacy checksums (MD5, SHA-1) of any text. Uses the browser's WebCrypto API for SHA-2 variants; nothing transmits.
Algorithm reference
| Algorithm | Output size | Status | Typical use |
|---|---|---|---|
| MD5 | 128 bits | Broken cryptographically | Non-security checksums only (e.g., S3 etag) |
| SHA-1 | 160 bits | Broken for collision resistance | git object IDs, HMAC-SHA1 (still safe in HMAC construction) |
| SHA-256 | 256 bits | Safe | Bitcoin, TLS certificates, JWT signatures, password derivation (with bcrypt/scrypt/Argon2) |
| SHA-384 | 384 bits | Safe | Higher-security contexts, government applications |
| SHA-512 | 512 bits | Safe | When 256 bits aren\'t enough; faster than SHA-256 on 64-bit hardware |
How the tool computes each hash
SHA-256, SHA-384, and SHA-512 use the browser's WebCrypto API (crypto.subtle.digest),
which delegates to the OS or browser's native cryptographic primitives. SHA-1 uses WebCrypto as
well, but the tool emits a warning that it shouldn't be used for new cryptographic applications.
MD5 uses a small JavaScript implementation because WebCrypto deliberately doesn't expose MD5.
Frequently asked questions
Which algorithms are safe to use today?
SHA-256, SHA-384, SHA-512, and BLAKE2 are safe for cryptographic use. SHA-1 is broken (collisions demonstrated 2017); use only for non-security purposes like git object IDs or HMAC-SHA1 (the construction remains safe). MD5 is broken for all cryptographic purposes; use only for checksums where collisions don't matter.
Is hashing the same as encryption?
No. Hashing is one-way — you can compute a hash from input, but not the input from the hash. Encryption is reversible with a key. Hashes are used for integrity (checksums), password storage (with a salt), and key derivation. Encryption is used for confidentiality.
Should I use MD5 to store passwords?
No. Even SHA-256 alone is insufficient for passwords because attackers can compute billions per second. Use a password-specific KDF: bcrypt (cost ≥ 12), scrypt, or Argon2id. The OWASP Password Storage Cheat Sheet has current parameters.