Hash Generator — MD5, SHA-256, SHA-512 Online
#What this tool does
Enter any text, select a hash algorithm (MD5, SHA-1, SHA-256, or SHA-512), and get the hash output instantly. All hashing runs client-side in your browser using the Web Crypto API (SubtleCrypto). Nothing is sent to a server.
#Hash algorithms compared
| Algorithm | Output | Security | Use case |
|---|---|---|---|
| MD5 | 128-bit (32 hex chars) | Broken — known collision attacks | Non-security checksums only |
| SHA-1 | 160-bit (40 hex chars) | Deprecated — collision demonstrated in 2017 | Legacy systems, Git (transitioning away) |
| SHA-256 | 256-bit (64 hex chars) | Standard — no known practical attacks | Passwords (with salt), signatures, integrity |
| SHA-512 | 512-bit (128 hex chars) | Strongest — larger internal state | High-security applications, HMAC |
#When to use each algorithm
SHA-256 is the default choice for security-sensitive applications. Use it for password hashing (always with a salt and a key derivation function like bcrypt or Argon2), file integrity verification, digital signatures, and content-addressable storage.
SHA-512 offers a larger internal state and is faster than SHA-256 on 64-bit processors. Use it when you need the highest security margin or when building HMAC-based authentication — for example, JWT tokens use HMAC-SHA256 (HS256) for signature verification.
MD5 is fast and widely supported, but it has known collision vulnerabilities. Use it only for non-security checksums — verifying file downloads, cache busting, or deduplication where adversarial collisions are not a concern. Never use MD5 for passwords or digital signatures.
SHA-1 is deprecated for security use. Google and CWI Amsterdam demonstrated a practical SHA-1 collision in 2017. Git uses SHA-1 for commit hashes and is transitioning to SHA-256 (available as an experimental option via git init --object-format=sha256).
#Hashing vs encryption
Hashing is one-way. You cannot reverse a hash to recover the original input. A hash function always produces a fixed-length output regardless of input size — whether you hash a single character or a 10 GB file, SHA-256 always returns 64 hex characters.
Encryption is two-way. Data is transformed using a key and can be decrypted back to the original with the correct key. Encryption preserves the data; hashing destroys it by design.
Use hashing for verification (passwords, integrity checks, signatures). Use encryption when you need to retrieve the original data later (stored credentials, data at rest, data in transit). If you need to encode data rather than hash it, see our Base64 encoder/decoder.
#Open source
This tool is powered by @azin-tech/mini-tools, an open-source developer toolkit. View source on GitHub.
Auto-deploy into your own cloud
Push code, AZIN handles the rest. Auto-detected builds, your cloud account, no vendor lock-in.