Hash Generator - MD5, SHA-1, SHA-256, SHA-384, SHA-512 (Text & File)
Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hex digests of any text or file. SHA via the browser's built-in Web Crypto API — your data never leaves your device.
Paste text to hash…
or drop any file
Done with Hash Generator? Try these next
Hand-picked tools that pair well with Hash Generator. Keep going without losing your file.
Password Generator
Generate strong cryptographically-random passwords up to 128 characters with live entropy estimation.
Try it nowBase64 Encoder / Decoder
Encode any text or file to Base64 (with URL-safe variant), or decode Base64 back to text. UTF-8 safe.
Try it nowJWT Decoder
Decode JSON Web Tokens, view header and payload, check expiry. Local-only — your tokens never leave the browser.
Try it nowURL Encoder / Decoder
Percent-encode URL components or whole URLs, and decode them back. encodeURIComponent and encodeURI modes.
Try it nowJSON Prettify
Format, validate and minify JSON in your browser. Pretty 2 / 4 / 8 space indent or one-line minify with copy + download.
Try it nowDiff Checker
Compare two text snippets line by line. Split or unified view, optional ignore whitespace and ignore case.
Try it nowFrequently Asked Questions
SHA-1, SHA-256, SHA-384 and SHA-512 — every algorithm exposed by the browser's Web Crypto API. The digest is shown as a lowercase hexadecimal string, which is the format expected by checksum files, package manifests and HMAC tooling.
featuresThey differ in output length and design generation. SHA-256 is the modern default for integrity checks and most blockchain use. SHA-384 and SHA-512 produce longer digests that resist length-extension attacks. SHA-1 is shown for legacy compatibility but is no longer considered safe against collision attacks.
technicalMD5 is broken: collision attacks are practical on a laptop, so it must not be used for security-sensitive work. We intentionally omit it to discourage new code from depending on it. For non-security uses like cache keys, prefer SHA-256 truncated to the size you need.
technicalBoth. Paste a string or drop a file into the input box — the tool reads the file as a binary stream and feeds it directly to the hashing API, so the digest matches the one produced by sha256sum, openssl dgst or PowerShell's Get-FileHash.
featuresNo. Cryptographic hashes are one-way functions: given a digest, there is no efficient way to recover the input. That is the entire point — integrity checks, password storage and signatures all rely on this property.
technicalNo. The Web Crypto API runs the hash inside your browser, so the input never crosses the network. That makes the tool safe for secrets, private keys and any file you would not want to upload.
privacyYes. Switch the Source toggle to Text to hash a pasted string, or to File to drop in any file. Either way the tool computes SHA-1, SHA-256, SHA-384 and SHA-512 at once and lets you copy any of them, so a file digest matches what sha256sum or PowerShell's Get-FileHash would produce.
featuresEach algorithm row (MD5, SHA-1, SHA-256, SHA-384, SHA-512) has its own Copy button next to the hex digest. The large primary button at the bottom is a shortcut for SHA-256 specifically since it's the most commonly requested value, but every other digest can be copied individually the same way.
usageYes — MD5 is shown alongside SHA-1, SHA-256, SHA-384 and SHA-512 even though the browser's built-in Web Crypto API doesn't implement MD5. The tool includes its own pure-JavaScript MD5 implementation specifically so you can match checksums against old downloads, ETags and manifests that still publish MD5 — it's included for legacy compatibility, never for anything security-sensitive.
technicalClick Clear at any time to wipe the pasted text or dropped file — the previous digests disappear immediately so you're never comparing a stale hash by accident. You can also just switch the Source toggle between Text and File; each source keeps its own input independently.
usageSwitch the Source toggle to File, drop the download (installer, ISO, archive) into the tool, and compare the SHA-256 row against the checksum published on the publisher's site — use the one-click Copy SHA-256 button to paste it straight into a comparison instead of retyping the long hex string. Because hashing runs locally via Web Crypto, the file itself never leaves your device during the check.
tipsHow Hash Generator helps you get it done
Real problems it solves every day — for businesses, creators, and everyday tasks. Find the use case that fits you and start in seconds.
Verify File Integrity After Download
Compute the SHA-256 digest of an ISO, installer or release artifact and compare it with the publisher's checksum to confirm the file was not corrupted or tampered with
Detect Duplicates in Large Image Libraries
Hash files to find duplicate photos, documents or assets across folders, NAS shares and cloud drives without comparing them byte-by-byte every time
Sign & Validate Webhook Payloads
Generate the SHA-256 digest of a webhook body to validate Stripe, GitHub, Shopify and Twilio HMAC signatures during local integration work and debugging
Fingerprint Software Releases for Auditing
Produce SHA-512 fingerprints for binaries, container images and release tarballs so compliance teams can audit which exact build shipped to which customer
Generate Cache Keys & ETags
Hash request bodies, query parameters or file contents to derive deterministic cache keys for Redis, Cloudflare Workers and CDN ETag headers
Confirm Backup Integrity Over Time
Store SHA-256 digests of monthly backups and re-hash them later to confirm bit-rot has not silently corrupted critical archives on long-term storage media
Check Legacy MD5 Checksums From Old Downloads
Some older software manifests and mirror sites still only publish an MD5 checksum. Drop the file into File mode and compare against the published MD5 row — included specifically for matching those legacy listings, not for anything security-sensitive.
Password & Secret Fingerprinting for Config Audits
Paste a config value, API key or password into Text mode to get its SHA-256 fingerprint for audit logs and diff comparisons — prove two environments hold the same secret without ever exposing the secret itself, since hashing runs entirely in your browser.
Timestamp Proof for Written Work
Hash a manuscript, contract draft or design file with SHA-256 and publish or email just the digest before revealing the finished document — later you can prove the exact content existed at that time, since anyone with the file can verify it matches your published hash.
Data Migration Verification
Hash export files before and after a database or cloud migration to prove byte-for-byte fidelity — compare the SHA-256 digests of the CSV/JSON exports on both ends instead of eyeballing millions of rows.
Classroom Integrity Checks for Submitted Files
Instructors can hash a released dataset or starter-code file and ask students to report the matching digest alongside their submission, confirming nobody edited the starting material before beginning the assignment.
Verify Software Downloads and OS Images Before You Install Them
Drop a freshly downloaded installer, Linux ISO or archive into File mode and compare the SHA-256 row against the checksum the publisher lists on their official download page — this is the single most common reason people reach for a hash generator, and it catches a corrupted download or a tampered mirror before you run anything untrusted on your machine.
Pixoate