Hash Generator
Generate cryptographic hashes (SHA-1, SHA-256, SHA-384, SHA-512) of any text. Hashing runs in your browser with the Web Crypto API.
Hash
How to use it
A hash function is a one-way mathematical function that turns any input — a single character, a password, or an entire book — into a fixed-length string of hexadecimal characters called a digest. Feed it the same input twice and you get exactly the same digest every time, but change even one character and the entire output changes completely, an effect known as the avalanche effect. This makes hashes useful as a compact, deterministic fingerprint for data of any size. This tool computes four algorithms from two hash families. SHA-1 produces a 160-bit digest and was widely used for years, but researchers have since demonstrated practical collision attacks against it, so it is no longer considered secure and should not be used to protect anything sensitive — it's included here mainly for compatibility with legacy systems. SHA-256, SHA-384 and SHA-512 belong to the newer SHA-2 family and produce longer digests — 256, 384 and 512 bits respectively — with no known practical collision attacks, making them the safer choice for checksums, signatures and integrity checks today. Hashing only goes in one direction. There is no mathematical operation that takes a digest and recovers the original text, which is precisely the point — a hash proves that data hasn't changed without ever exposing the data itself. This is different from encryption, which is designed to be reversed with the right key. As a concrete example, hashing the word hello with SHA-256 always produces the same 64-character hex digest: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824. Notice the digest is always 64 hex characters for SHA-256, whether you hash one letter or an entire novel — the output length is fixed by the algorithm, never by the size of the input. To use this tool, type or paste any text into the input box. All four digests — SHA-1, SHA-256, SHA-384 and SHA-512 — update instantly as you type, computed locally in your browser using the Web Crypto API; nothing you type is sent to a server. Click copy next to any digest to copy it to your clipboard. Hashes show up constantly in everyday computing: verifying that a downloaded file or installer wasn't corrupted or tampered with by comparing its published checksum, deduplicating identical files without comparing their full contents, and underpinning digital signatures that prove a document is authentic. Password storage is a special case worth flagging honestly: production systems never store a plain SHA-256 hash of a password, because attackers can precompute hashes for common passwords. Real systems add a random salt and use a slow, purpose-built algorithm such as bcrypt or Argon2 instead — plain SHA hashes on their own are too fast and predictable to protect passwords properly.
Frequently asked questions
- What is a hash?
- A hash is a fixed-length fingerprint of your input. The same text always produces the same hash, but you can't reverse a hash back to the original text.
- Which algorithm should I use?
- SHA-256 is a good default for checksums and integrity. SHA-1 is included for legacy compatibility but is no longer considered collision-resistant for security.
- Is my text sent to a server?
- No. Hashes are computed locally with the Web Crypto API — your text never leaves your browser.
- Is hashing the same as encryption?
- No. Encryption is reversible — with the right key, ciphertext can be decrypted back into the original data. Hashing is one-way: there is no key that turns a digest back into the original text. Hashes are used to verify integrity and detect changes, not to hide or later recover secret information; that's what encryption is for.