Hash Generator

Generate SHA-256, SHA-384, SHA-512, or SHA-1 hashes from text or files. 100% client-side via Web Crypto API.

Input
Output
Enter text or select a file to generate a hash.

How to Use the Hash Generator

  1. Enter your text in the input area on the left (or top on mobile), or click "Hash File" to select a file from your device.
  2. Choose a hash algorithm — SHA-256 (default), SHA-384, SHA-512, or SHA-1.
  3. View the hash — the hexadecimal hash digest appears instantly on the right.
  4. Copy or download — use the buttons above the output to copy the hash to your clipboard or download it as a text file.

What This Tool Does

This hash generator uses the Web Crypto API built into modern browsers to compute cryptographic hash digests. When you enter text or select a file, the tool converts the input into bytes, passes them through the selected hashing algorithm, and displays the resulting fixed-length hexadecimal string. Everything happens locally in your browser — no data is ever transmitted to a server.

Features

  • Four algorithms — SHA-256, SHA-384, SHA-512, and SHA-1, all via the native Web Crypto API
  • Text and file hashing — hash plaintext input or any file from your device
  • Real-time updates — hashes are computed as you type with debounced processing
  • Hex output — standard lowercase hexadecimal representation of the hash digest
  • Copy and download — one-click copy to clipboard or download as a .txt file
  • Privacy first — no server round-trips, no logging, no data collection

Understanding Hash Algorithms

The SHA (Secure Hash Algorithm) family was designed by the NSA and published by NIST. SHA-256 is the most commonly used variant and produces a 256-bit (64-character hex) digest. It is used in TLS certificates, Git commits, Bitcoin mining, and countless other applications. SHA-384 and SHA-512 produce longer digests (96 and 128 hex characters respectively) and offer a larger hash space, though all three SHA-2 variants are considered equally secure against known attacks.

SHA-1: Deprecated but Still Useful

SHA-1 produces a 160-bit (40-character hex) digest. While it has been deprecated for cryptographic security since Google demonstrated a practical collision attack in 2017 (the SHAttered project), SHA-1 is still widely used for non-security purposes like Git object hashing and checksum verification. This tool includes SHA-1 for convenience, but you should use SHA-256 or higher for any security-sensitive application.

Why No MD5?

MD5 is intentionally excluded from the Web Crypto API specification. MD5 has been cryptographically broken since 2004, and practical collision attacks can be performed in seconds on modern hardware. The Web Crypto API enforces security best practices by only exposing algorithms that meet minimum security standards. If you need MD5 for legacy compatibility, you will need a dedicated JavaScript library — but for any new project, use SHA-256.

Common Use Cases

Hash functions are used for data integrity verification (comparing file checksums), password storage (hashing passwords before storing them), digital signatures (signing a hash of a document rather than the document itself), content addressing (Git uses SHA-1 to identify commits and objects), and deduplication (comparing hashes to find duplicate files). This tool lets you quickly generate hashes for any of these use cases directly in your browser. For related security tools, try our Base64 Encoder, Password Generator, or UUID Generator.

Frequently Asked Questions

A hash function is a mathematical algorithm that takes an input of any size and produces a fixed-size string of characters, called a hash or digest. The same input always produces the same hash, but even a tiny change in input produces a completely different output. Hash functions are one-way: you cannot reverse a hash to recover the original input.
No. This hash generator uses the Web Crypto API built into your browser. All hashing is performed locally on your device. Your text and files never leave your machine. There is no server-side processing, no logging, and no data collection.
MD5 is not available through the Web Crypto API by design. MD5 has been cryptographically broken since 2004 and is vulnerable to collision attacks. The Web Crypto API only exposes secure algorithms: SHA-1 (deprecated but available), SHA-256, SHA-384, and SHA-512. For security purposes, use SHA-256 or higher.
SHA-256 produces a 256-bit (32-byte) hash represented as a 64-character hexadecimal string. SHA-512 produces a 512-bit (64-byte) hash represented as a 128-character hexadecimal string. SHA-512 provides a larger hash space but is slightly slower. Both are considered cryptographically secure. SHA-256 is the most widely used for general purposes.
Yes. Click the file input button to select any file from your device. The file is read entirely in your browser and hashed using the selected algorithm. This is useful for verifying file integrity, checking downloads, or generating checksums.