§

Paste text or drop a file to hash

Encoding
§

Hash Generator — SHA-256, MD5, SHA-1 Online

All four digests are computed locally in your browser. Nothing is uploaded.
§

MD5

Deprecated
§

SHA-1

Deprecated
§

SHA-256

§

SHA-512

US engineers reach for cryptographic hashes constantly: NIST SP 800-131A guidance on SHA-256 and SHA-512 underpins every FedRAMP-moderate audit, AWS S3 `Content-MD5` checksums gate large uploads, GitHub commit SHAs are SHA-1 prefixes, and supply-chain attestations under SLSA pin artefacts by SHA-256 digest. UK government engineers follow the NCSC's deprecation guidance on MD5 and SHA-1, treating them as legacy interop only. This generator computes MD5, SHA-1, SHA-256, and SHA-512 entirely through the browser Web Crypto API, so source files and secret strings never travel to a hashing service — important when the input itself is under investigation or governed by an NDA.

// Related Tools

./json-formatter
JSON Formatter
Format, validate, and minify JSON in your browser.
./base64-encoder
Base64 Encoder
Encode text and files to Base64 format.
./url-encoder
URL Encoder
Percent-encode strings for safe transport in URLs.
./
All Tools
Browse the full set of Ultim8Soft online tools.

What is a cryptographic hash?

A cryptographic hash function takes an arbitrary-length input and emits a fixed-length digest. The same input always produces the same digest; flipping a single bit changes roughly half the output bits. This tool computes four of the most widely deployed digests — MD5 (RFC 1321), SHA-1, SHA-256, and SHA-512 (the SHA family is defined by FIPS 180-4) — for any text or file you supply, without ever sending the data off your device.

How does this hash generator work?

Hashing runs entirely on your machine. SHA-1, SHA-256, and SHA-512 are dispatched to the browser's native crypto.subtle.digest API; MD5 uses a bundled public-domain implementation because Web Crypto does not ship MD5. The steps are:

  1. Your input is read from the textarea, or your file is read from disk into an ArrayBuffer. Text is encoded as UTF-8 before hashing so the digest matches what a server-side hashlib.sha256(text.encode()) call would produce.
  2. Each algorithm pads the message to a block boundary and processes it block by block, mixing input bytes with the running internal state through a sequence of bitwise and modular-arithmetic operations.
  3. When the final block is consumed the internal state is finalised: MD5 yields 128 bits, SHA-1 yields 160 bits, SHA-256 yields 256 bits, and SHA-512 yields 512 bits.
  4. The raw digest bytes are formatted as either lowercase hexadecimal or standard Base64, depending on the encoding you pick above the panels.
  5. Each digest is written into its own readonly textarea with a Copy button. Switching on Live mode re-hashes on every keystroke so you can watch the avalanche effect in real time.

Which hash algorithm should I use?

The four algorithms shipped here cover the entire span from legacy checksums to current cryptographic recommendations. Pick by the job, not by familiarity:

  • MD5 (128-bit) — fast and ubiquitous, but cryptographically broken. Practical collisions have been public since 2004. Use it only for non-security checksums: deduplication keys, cache busters, ETag-style fingerprints, and verifying file integrity against a trusted catalogue.
  • SHA-1 (160-bit) — also deprecated for security. The SHAttered attack demonstrated a public PDF collision in 2017. Still seen in legacy Git object IDs, older TLS certificates, and HMAC constructions where the underlying hash break does not yet leak the key. Do not adopt it for new work.
  • SHA-256 (256-bit) — the current general-purpose default. Used in TLS certificate fingerprints, Bitcoin block hashes, software-release checksums, container image digests, and most modern code-signing pipelines. Pick this when in doubt.
  • SHA-512 (512-bit) — same SHA-2 family as SHA-256 with a larger internal state and wider 64-bit word size. Frequently faster than SHA-256 on 64-bit CPUs and the preferred choice when you need extra collision margin or longer digests for HMAC keys.

Why use this hash generator?

  • Privacy: every byte of input is hashed locally in your browser. No file upload, no network round-trip, no server log. The file picker reads from disk directly via the File API.
  • Four digests in one pass: paste once and read MD5, SHA-1, SHA-256, and SHA-512 side by side, switch the output encoding between hex and Base64 without re-hashing.
  • Standards-correct output: the SHA family is delegated to crypto.subtle.digest, which is the same FIPS 180-4 implementation your operating system already trusts. MD5 follows RFC 1321 byte for byte.
  • Built for verification work: live mode shows the avalanche effect as you type; the file panel handles binaries up to the memory the tab can hold so you can verify release archives without a terminal.

What are common applications of hash functions?

Hashes show up across day-to-day engineering work:

  • Verifying downloads: comparing the SHA-256 digest of a release archive against the value published on the project's website to confirm it was not tampered with in transit.
  • Debugging integrations: reproducing the exact MD5 or SHA-256 a partner service expects in a request signature so you can find the off-by-one in your canonical-string builder.
  • Content addressing: generating a deterministic ID from a payload to use as a cache key, deduplication marker, or Git-style object identifier.

What does a hash example look like?

Hashing the ASCII string hello produces 5d41402abc4b2a76b9719d911017c592 as the MD5, aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d as the SHA-1, 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 as the SHA-256, and a 128-character hex string starting 9b71d224bd62f3785d96d46ad3ea3d73... as the SHA-512. Adding a single trailing space and re-hashing changes every digest beyond recognition.

This hash generator runs entirely in your browser on the same primitives your operating system already trusts: Web Crypto for the SHA family and a small, audited MD5 routine for the one digest Web Crypto does not provide. Paste, drop a file, copy a digest — nothing else leaves the tab.