RevealTheme logo

Hash Generator (MD5 / SHA)

Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes of any text. Everything runs locally in your browser via the Web Crypto API — nothing is uploaded.

How to use this tool

  1. 1

    Type or paste the text you want to hash into the input box.

  2. 2

    Click Generate to compute the digests.

  3. 3

    Read the SHA-1, SHA-256, SHA-384, and SHA-512 results, each shown as a lowercase hexadecimal string.

  4. 4

    Select a hash and copy it for use as a checksum, cache key, or content identifier.

What are cryptographic hashes, and which ones does this tool produce?

A cryptographic hash function is a deterministic algorithm that turns any input into a fixed-size output called a digest. This tool computes four members of the SHA family at once: SHA-1 (160 bits, 40 hex characters), SHA-256 (256 bits, 64 hex), SHA-384 (384 bits, 96 hex), and SHA-512 (512 bits, 128 hex). It does not compute MD5 — the browser's Web Crypto API (crypto.subtle.digest) deliberately omits MD5 and other broken algorithms, so this page cannot offer it. Three properties make these functions useful: determinism (the same input always yields the same digest), the avalanche effect (flipping one input bit changes about half the output bits), and one-wayness (you cannot reverse a digest to recover the input). SHA-1 is included for compatibility with legacy systems and Git object IDs, but it has a known collision attack (2017) and should not be used to defend against a deliberate attacker; prefer SHA-256 or SHA-512 for new security work. The tool encodes your text as UTF-8 before hashing, so its output is byte-identical to OpenSSL, Python's hashlib, and Node's crypto for the same UTF-8 bytes.

Common use cases

  • Verify a downloaded file's text manifest or release notes match a publisher's listed SHA-256.

  • Compute the SHA-256 of a config string to use as a stable, content-addressable cache key.

  • Generate a SHA-256 fingerprint of a JSON payload to detect whether two records are identical.

  • Reproduce a Git-style SHA-1 object identifier while learning how content addressing works.

  • Confirm that two copies of a code snippet or certificate are bit-for-bit the same by comparing digests.

  • Produce a SHA-512 digest of a message to paste into a documentation example or test fixture.

Frequently asked questions

Does this tool support MD5?
No. It is built on the browser's Web Crypto API (crypto.subtle.digest), which only implements SHA-1, SHA-256, SHA-384, and SHA-512. MD5 was intentionally left out of that API because it is cryptographically broken. If you specifically need an MD5 checksum, use a command-line tool such as md5sum or OpenSSL instead.
Is SHA-1 safe to use here?
It depends on your goal. SHA-1 is fine for non-adversarial integrity checks and for interoperating with systems that still use it, such as Git object hashing. It is not safe against a deliberate attacker: a practical collision was demonstrated in 2017, so do not rely on SHA-1 for digital signatures or anything an attacker can influence. Use SHA-256 or SHA-512 for those.
Can these hashes be reversed?
Not directly — they are one-way functions. But for short or low-entropy inputs (a password, a common word), an attacker can precompute digests of every likely input and look yours up. That is why password storage uses a unique salt and a slow algorithm. For long, high-entropy inputs reversal is computationally infeasible.
Why does my hash differ from another tool's result?
Almost always an input-byte difference. This tool hashes the UTF-8 encoding of exactly what you type. A different tool may use a different text encoding, add or strip a trailing newline, or include a UTF-8 byte-order mark. Hash the identical bytes and the digests will match.
Does this hash files, or only text?
Only text typed or pasted into the box. There is no file upload in this tool — the input is encoded as UTF-8 and then hashed. To checksum a binary file, use a desktop utility such as sha256sum or shasum, which read the raw file bytes.
Is my input uploaded anywhere?
No. Hashing happens entirely in your browser through the Web Crypto API. Your text is never sent to a server, which makes the tool safe to use offline and with data you would not want to transmit.
When should I pick SHA-512 over SHA-256?
SHA-256 is secure for the foreseeable future and is the sensible default. SHA-512 has a larger digest and can be faster on 64-bit hardware because of its wider internal word size. Choose SHA-512 when a specification requires it or when you want the extra output length; otherwise SHA-256 is plenty.

Related tools