Hash Generator

What Is a Hash?

A cryptographic hash function takes an input of any size and produces a fixed-length output called a hash, digest, or checksum. The same input always produces the same hash (deterministic), but even a single character change in the input produces a completely different hash (avalanche effect). Hash functions are one-way: you cannot recover the original input from the hash.

Hashes are fundamental to computing. They verify file integrity (comparing a downloaded file's hash against the published hash), detect data tampering, index data in hash tables, deduplicate content, and form the basis of digital signatures and blockchain technology.

How to Generate Hashes

1. Type or paste your text into the input field -- hashes are computed automatically as you type
2. Select which algorithms you want: MD5, SHA-1, SHA-256 (enabled by default), or SHA-512
3. Each selected hash appears below with its value in hexadecimal
4. Click the Copy button next to any hash to copy it to your clipboard
5. To hash a file, drag and drop it onto the drop zone -- the tool reads the file locally and computes hashes without uploading

Hash Algorithms Compared

When to Use Each Hash

• MD5: Checksums, cache keys, deduplication, and non-security fingerprinting only. Do not use for passwords, signatures, or any security purpose.
• SHA-1: Legacy compatibility only. Deprecated for security use since 2017 when Google demonstrated a practical collision (SHAttered attack).
• SHA-256: The current recommended general-purpose hash. Use for file integrity verification, digital signatures, certificate fingerprints, and data integrity. Part of the SHA-2 family.
• SHA-512: When you need a larger hash or extra security margin. Actually faster than SHA-256 on 64-bit processors because it operates on 64-bit words natively.

Hashing Is Not Encryption

Hashing is a one-way operation. You put data in and get a fixed-length digest out. There is no key, and there is no way to reverse the process to recover the original data. The same input always produces the same hash.

Encryption is a two-way operation. You encrypt data with a key and can decrypt it with the same key (symmetric) or a corresponding key (asymmetric). The purpose is to protect data so that only authorized parties can read it.

The distinction matters: if you hash a password, you can verify someone knows the password (by hashing their input and comparing), but you can never recover the original password. If you encrypt a password, anyone with the key can recover it -- which is a liability, not a feature.

Frequently Asked Questions

Is MD5 still safe?

Not for security. MD5 collisions can be generated in seconds on modern hardware. This means an attacker can create two different files with the same MD5 hash. For non-security uses -- like generating a quick checksum to detect accidental file corruption, or keying a cache -- MD5 is still practical and fast.

Can you reverse a hash?

No. Hash functions are mathematically one-way. However, attackers maintain rainbow tables -- massive precomputed databases mapping common inputs to their hashes. If your input is a common word or short string, its hash may already be in a rainbow table. This is why passwords must be hashed with a random salt (unique per password) to defeat rainbow table lookups.

Should I hash passwords with SHA-256?

No. SHA-256 is designed to be fast, and speed is the enemy of password security. A modern GPU can compute billions of SHA-256 hashes per second, making brute-force attacks trivial. Instead, use password-specific algorithms like bcrypt, scrypt, or Argon2. These are deliberately slow (configurable work factor) and memory-intensive, making brute-force attacks impractical even with specialized hardware.