Hash Generator (MD5, SHA-256…)
Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text in your browser. Verify checksums without leaking the input.
| Algorithm | Hash | |
|---|---|---|
| MD5 | — | |
| SHA-1 | — | |
| SHA-256 | — | |
| SHA-384 | — | |
| SHA-512 | — |
Use this free hash generator to compute MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes from any text — instantly, in your browser. Useful for checksums, fingerprinting, debugging signature mismatches, or verifying that two pieces of text are byte-for-byte identical.
How to use it
No account, no upload — it all happens on your device.
MD5 vs SHA-1 vs SHA-256 — which one should you use?
A cheat sheet for picking the right algorithm.
| Algorithm | Output | Speed | Safe for… |
|---|---|---|---|
| MD5 | 128 bits (32 hex chars) | Fastest | Checksums, dedup, cache keys — NOT security |
| SHA-1 | 160 bits (40 hex chars) | Very fast | Git object IDs — legacy only, also broken |
| SHA-256 | 256 bits (64 hex chars) | Fast | TLS certs, signing, password hashing input, blockchains |
| SHA-384 | 384 bits (96 hex chars) | Fast | Suite-B compliance, long-term archives |
| SHA-512 | 512 bits (128 hex chars) | Slightly faster than SHA-256 on 64-bit CPUs | When you want extra collision resistance |
Rule of thumb: for anything that could plausibly be attacked — signatures, certificates, integrity that someone might want to forge — use SHA-256 or stronger. For non-security uses like cache keys or detecting accidental file corruption, MD5 is still fine and noticeably faster.
Known test vectors
Standard inputs you can paste in to verify the tool works correctly.
| Input | MD5 | SHA-256 |
|---|---|---|
| "" (empty string) | d41d8cd98f00b204e9800998ecf8427e | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| "abc" | 900150983cd24fb0d6963f7d28e17f72 | ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad |
| "The quick brown fox jumps over the lazy dog" | 9e107d9d372bb6826bd81d3542a419d6 | d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592 |
These come from RFC 1321 (MD5) and FIPS 180-4 (SHA family). Pasting any of them in should produce the matching hash; if it doesn't, suspect a stray newline, BOM, or character-encoding mismatch.
Why "broken" doesn't mean "useless"
You'll often see MD5 and SHA-1 described as broken. That is a precise claim: researchers have demonstrated collision attacks against them, where an attacker can craft two different inputs that produce the same hash. That breaks any use case where someone might benefit from forging a hash — code signing, certificates, document attestation.
It does not break uses where you only need to detect accidental corruption or to fingerprint content for caching. A random bit flip is overwhelmingly likely to change the MD5; only a motivated attacker can craft a collision. So MD5 still dominates checksum lists, package manifests, and content- addressed storage.
Common debugging gotchas
Why two tools sometimes disagree on the "same" input.
- Trailing newline. The shell's
echoadds a\n; useecho -norprintf %sfor an exact byte-for-byte match. - Encoding. This tool hashes the UTF-8 bytes of the text. If another tool is using UTF-16 or Latin-1, all hashes will differ even when the text on screen looks the same.
- Invisible characters. A copy-pasted string may carry a BOM (U+FEFF) or a non-breaking space (U+00A0) that looks like a regular space. Re-typing the content often fixes this.
- Line endings. Windows uses
\r\nand Unix uses\n. A file round-tripped through a Windows editor will produce different hashes than the original.