Hash Generator

A cryptographic hash function takes any input — a single character, a paragraph, or an entire file — and produces a fixed-size output called a digest or hash. The same input always produces the same hash. Even changing a single bit of input produces a completely different hash (the "avalanche effect"). Hash functions are one-way: you cannot reverse a hash to recover the original input. These properties make them essential for data integrity checks, digital signatures, and password storage.

MD5 is cryptographically broken — practical collision attacks have been demonstrated since 2004, and chosen-prefix collisions are now fast and cheap. It should never be used for digital signatures, certificate verification, or password hashing. However, MD5 is still widely used for non-security purposes like file download verification, cache key generation, and deduplication where accidental (not malicious) collision is the only concern.

SHA-1 produces a 160-bit (40 hex character) hash and is considered cryptographically weak — Google's SHAttered project demonstrated a practical collision in 2017. All major browsers and certificate authorities have deprecated SHA-1. SHA-256, part of the SHA-2 family, produces a 256-bit (64 hex character) hash and is currently considered secure. SHA-256 is the standard for TLS certificates, Bitcoin's proof-of-work, and most modern digital signature schemes.

Raw hash functions like SHA-256 should not be used directly for password storage because they're designed to be fast — an attacker can try billions of guesses per second. Instead, use purpose-built password hashing functions like bcrypt, scrypt, or Argon2. These are intentionally slow (with configurable work factors) and include a random salt to prevent rainbow table attacks.

No. All hashing happens entirely in your browser using the Web Crypto API (for SHA algorithms) and a JavaScript implementation (for MD5). Your text and files never leave your device.