Hash Generator
Generate MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes from any text — all five algorithms at once, with one-click copy.
Free · No credit card · 50 credits/day
Algorithm comparison
Five algorithms, one tool. Know which one to reach for.
| Algorithm | Output length | Security status | Common uses |
|---|---|---|---|
| MD5 | 128-bit / 32 hex | Broken | File checksums, non-security deduplication |
| SHA-1 | 160-bit / 40 hex | Broken | Legacy systems, Git commit IDs |
| SHA-256 | 256-bit / 64 hex | Secure | TLS certificates, JWT, file integrity |
| SHA-384 | 384-bit / 96 hex | Secure | High-assurance signatures, TLS 1.3 |
| SHA-512 | 512-bit / 128 hex | Secure | Digital signatures, HMAC, archival integrity |
What are hashes used for?
Cryptographic hashes appear throughout software, security and data engineering.
File integrity verification
Hash a file before and after download to confirm it hasn't been tampered with. SHA-256 checksums are standard for software distribution.
API request signing
HMAC-SHA256 signs API requests so the server can verify the payload hasn't changed in transit — used by AWS, Stripe, GitHub webhooks and many others.
Content deduplication
Hash file content to detect duplicates without comparing bytes. Git hashes every blob, tree and commit with SHA-1 (now migrating to SHA-256).
Blockchain and proof of work
Bitcoin uses double SHA-256 to mine blocks. Ethereum uses Keccak-256. Proof-of-work relies on the infeasibility of reversing a hash.
Digital signatures
Signing systems like RSA-SHA256 hash the message first, then sign the short hash — fast, secure, and independent of message length.
Database deduplication
Hash user-uploaded content (images, documents) to detect duplicates before storing — much faster than comparing raw bytes at scale.
MD5 and SHA-1 are broken — here's what that means
Collision attacks exist for both. A collision means two different inputs produce the same hash. For MD5, collisions can be found in seconds on a laptop. For SHA-1, they were demonstrated in practice by Google's SHAttered attack in 2017.
Do not use MD5 or SHA-1 for digital signatures, certificates or security tokens. An attacker who can craft a collision can forge a document that hashes to the same value as a legitimate one.
MD5 is still fine for non-security checksums. Verifying a file download against a known MD5 checksum is not a security decision — it catches accidental corruption, not attacks. Speed and simplicity win here.
SHA-256 is the safe default. It is part of the SHA-2 family, has no known practical attacks, and is supported everywhere. Use it unless you have a specific reason for SHA-384 or SHA-512.
SHA-512 is better for 64-bit systems. SHA-512 uses 64-bit operations internally and is actually faster than SHA-256 on 64-bit CPUs, while producing a longer digest.
Never use any of these to hash passwords. All general-purpose hash functions are intentionally fast, which makes them easy to brute-force. Use bcrypt, scrypt or Argon2 for passwords instead.
Frequently asked questions
Related security tools
More tools for cryptography and password security.
Generate a hash now
Free account. 50 credits per day. Access to 75+ tools instantly.
Create free account →