Skip to content
1001 Tools
sr
Developer tools

Hash Generator

Type or paste text and get its SHA-1, SHA-256, SHA-384 and SHA-512 hashes at once. The digests are computed by your browser’s built-in Web Crypto engine, so your input never leaves the page. Copy any hash with one click.

Enter some text to see its hashes.

Hashes are computed locally with the Web Crypto API. SHA-1 is legacy — prefer SHA-256 or stronger for security.

How it works

Your text is encoded as UTF-8 bytes and passed to the browser’s SubtleCrypto.digest, the same audited implementation used for TLS and Subresource Integrity. Each algorithm returns a fixed-length digest — 40 hex characters for SHA-1, 64 for SHA-256, 96 for SHA-384 and 128 for SHA-512 — shown here in lowercase hex, with an option to switch to uppercase.

Hashes are one-way: the same input always produces the same digest, but you can’t reverse a digest back to the text. A single changed character produces a completely different hash, which is what makes these functions useful for integrity checks and fingerprinting. Note that MD5 isn’t offered — browsers don’t expose it, and it’s unsuitable for security anyway.

Practical examples

Verifying a download

A project lists its release as SHA-256 ba78…15ad. Paste the same content here (or compare against a checksum file) to confirm the hashes match before trusting the file.

A stable fingerprint for a string

Hashing a config blob gives a short, fixed 64-character SHA-256 you can use as a cache key or version tag — it changes only when the content does.

Seeing the avalanche effect

Hash “abc”, then “abd”. Although only one letter changed, the two SHA-256 digests share almost no characters — small input changes scramble the whole output.

Frequently asked questions

Which hash algorithm should I use?

SHA-256 is the sensible default for integrity checks and fingerprints. SHA-384 and SHA-512 give longer digests for higher-security contexts. SHA-1 is included for compatibility with older systems but is considered broken for security use — don’t rely on it for anything new.

Why is MD5 not available?

The Web Crypto API deliberately omits MD5 because it’s cryptographically broken. Since this tool uses only the browser’s built-in crypto (no third-party code), MD5 simply isn’t on the menu. Use SHA-256 instead.

Can I recover the original text from a hash?

No. Hashing is one-way by design. Given a digest there’s no practical way to compute the input; that’s the whole point of a cryptographic hash. Anyone claiming to “decrypt” a hash is really just guessing inputs and comparing.

Does it hash the text as bytes or characters?

As bytes. The text is first encoded to UTF-8, so accented and non-Latin characters hash consistently with other UTF-8 tools and languages. That’s why “č” yields a stable 64-character SHA-256.

Are the results the same as a command-line tool?

Yes, as long as the input bytes match. echo -n "abc" | sha256sum gives the same digest you see here for “abc”, because both hash the same UTF-8 bytes with no trailing newline.

Can I hash files?

This tool hashes text you type or paste. For a file you’d need to read its raw bytes; for now, paste the text content. File hashing may be added later.

Is my input sent to a server?

No. Everything is computed locally by your browser’s Web Crypto engine. Nothing is uploaded, so it’s safe for secrets, tokens or private text — though you should still avoid pasting real production secrets into any web page.

Why does the empty string still have a hash?

Because a hash function accepts any byte sequence, including zero bytes. The SHA-256 of an empty string is the well-known e3b0c442…b855, which is often used as a sentinel value.

Related tools