Generate MD5, SHA-1, SHA-256, SHA-384, SHA-512, and HMAC hashes from text or files. Compare hashes, verify file integrity, and copy results. Everything runs locally in your browser.
Last updated: March 2026 | Free to use, no signup required
A hash function takes an input of any size and produces a fixed-length output, called a digest. The same input always produces the same output, but even a single-bit change in the input produces a completely different digest. This property is called the avalanche effect. Good hash functions are one-way: given a digest, it is computationally infeasible to reconstruct the original input. These properties make hash functions useful for password storage, data integrity verification, digital signatures, and many other security applications.
Hash functions are deterministic. If you hash the string "hello" with SHA-256 today, you get the same 64-character hex string you would get next year on a different computer. This consistency is what allows systems to compare hashes instead of comparing raw data, which is the foundation of file integrity checking and password verification.
| Algorithm | Digest Size | Speed | Security Status |
|---|---|---|---|
| MD5 | 128 bits (32 hex chars) | Very fast | Broken for collision resistance. Not suitable for security purposes. Still used for checksums and non-security fingerprinting. |
| SHA-1 | 160 bits (40 hex chars) | Fast | Collision attacks demonstrated (SHAttered, 2017). Deprecated by NIST. Avoid for new systems. |
| SHA-256 | 256 bits (64 hex chars) | Moderate | Part of the SHA-2 family. Widely used and considered secure. Used in Bitcoin, TLS certificates, and code signing. |
| SHA-384 | 384 bits (96 hex chars) | Moderate | Truncated variant of SHA-512. Higher security margin than SHA-256. Used in government and financial systems. |
| SHA-512 | 512 bits (128 hex chars) | Moderate | Largest SHA-2 variant. Can be faster than SHA-256 on 64-bit processors due to native 64-bit arithmetic. |
For most use cases today, SHA-256 is the default recommendation. It provides a strong security margin, wide ecosystem support, and reasonable performance. MD5 and SHA-1 should only be used for backward compatibility or non-security purposes like deduplication and cache keys.
SHA-256 processes input in 512-bit (64-byte) blocks. The algorithm begins by padding the message: a single 1 bit is appended, followed by enough 0 bits to make the total length 448 mod 512, and then a 64-bit representation of the original message length. This guarantees the padded message is an exact multiple of 512 bits.
Eight 32-bit working variables are initialized to specific fractional parts of the square roots of the first eight prime numbers. For each 512-bit block, the algorithm expands the 16 input words into 64 words using bitwise rotations and shifts, then runs 64 rounds of compression. Each round combines the working variables with a round constant (derived from the cube roots of the first 64 primes) and a message schedule word through a mix of addition modulo 2^32, bitwise AND, XOR, and right-rotation operations.
After processing all blocks, the eight working variables are concatenated to produce the final 256-bit (32-byte) digest. The constants derived from prime numbers ensure there is no hidden structure or backdoor in the algorithm. This design, created by the NSA and published by NIST in 2001, has withstood over two decades of public cryptanalysis without any practical attack.
HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key to produce an authentication tag. Unlike a plain hash, an HMAC proves both integrity and authenticity: only someone who knows the secret key can generate or verify the tag. The construction is defined in RFC 2104 as HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), where K' is the key padded to the block size, ipad is the byte 0x36 repeated, and opad is the byte 0x5c repeated.
HMAC is used extensively in API authentication (webhook signatures from Stripe, GitHub, and Slack all use HMAC-SHA256), JWT token signing (the HS256 algorithm), and secure cookie verification. The double-hashing construction protects against length-extension attacks that would be possible with a naive "hash the key concatenated with the message" approach. When you use the HMAC mode in this tool, the Web Crypto API handles the key derivation and double-hashing internally.
Software distributors publish hash values alongside their downloads so that users can verify they received an unmodified copy. The process is straightforward: download the file, compute its hash using the same algorithm the publisher specifies, and compare the two values character by character. If they match, the file has not been altered in transit or tampered with on a mirror. If even one character differs, the file should be discarded.
This tool provides two ways to verify file integrity. The main hash generator computes all selected algorithm digests from any uploaded file. The dedicated File Integrity Checker panel lets you paste an expected hash, select the algorithm, and upload the file. The tool computes the hash and displays a clear pass or fail indicator. This is particularly useful when downloading ISO images, firmware updates, or security-sensitive packages where a supply-chain compromise could have serious consequences.
For developers, hash-based integrity verification also underpins package managers (npm, pip, cargo all verify package hashes), Subresource Integrity (SRI) in browsers, and content-addressable storage systems like Git, which uses SHA-1 internally to identify every object in a repository.
Related tools: Password Generator, Base64 Encoder/Decoder, UUID Generator, JWT Decoder.
Yes. All hashing happens entirely in your browser using the Web Crypto API (for SHA algorithms) and a pure JavaScript implementation (for MD5). No data is transmitted to any server, stored, or logged. You can verify this by opening your browser's developer tools and monitoring the Network tab, or by disconnecting from the internet before using the tool. Your text and files never leave your machine.
MD5 produces a 128-bit (32-character hex) digest and is very fast, but it is cryptographically broken. Researchers have demonstrated practical collision attacks where two different inputs produce the same MD5 hash. SHA-256 produces a 256-bit (64-character hex) digest and has no known practical attacks after over 20 years of scrutiny. For any security-related purpose (password hashing, digital signatures, integrity verification), SHA-256 or stronger should be used. MD5 remains acceptable for non-security uses like cache keys and deduplication.
No. Cryptographic hash functions are designed to be one-way. Given a hash digest, there is no mathematical method to reconstruct the original input. For short inputs like common passwords, attackers use precomputed lookup tables (rainbow tables) or brute-force guessing, but this is not "reversing" the hash. It is guessing inputs until one matches. For sufficiently long and random inputs, this approach is computationally infeasible. This is why salted hashing (adding random data to each input before hashing) is standard practice for password storage.
HMAC (Hash-based Message Authentication Code) combines a hash function with a secret key to produce an authentication tag. A plain hash verifies integrity (the data has not been altered), while an HMAC verifies both integrity and authenticity (the data was created by someone who knows the secret key). Use HMAC when you need to verify that a message came from a trusted source, such as validating webhook signatures, signing API requests, or creating session tokens. Common HMAC algorithms include HMAC-SHA256 and HMAC-SHA512.
First, note the expected hash value published by the software distributor (usually on their download page or in a checksums file). Then use the File Integrity Checker panel in this tool: paste the expected hash, select the matching algorithm (typically SHA-256), and upload the downloaded file. The tool computes the file's hash in your browser and compares it character by character against the expected value. A green checkmark means the file is intact. A red indicator means the file differs from what the publisher intended, and you should re-download it from the official source.
Each hash algorithm is designed to produce a specific fixed-length digest regardless of input size. MD5 outputs 128 bits (32 hex characters), SHA-1 outputs 160 bits (40 hex characters), SHA-256 outputs 256 bits (64 hex characters), SHA-384 outputs 384 bits (96 hex characters), and SHA-512 outputs 512 bits (128 hex characters). Longer digests provide a larger output space, which means a lower probability of collisions (two different inputs producing the same hash). The tradeoff is that longer hashes require more storage space and slightly more computation, though the difference is negligible for most applications.