Hash Generator

Generate cryptographic hashes from text or files. Supports HMAC. Everything runs in your browser.

Your text never leaves your browser. All hashing is done locally.

Tips

SHA-256 Is the Standard Choice

SHA-256 is the most widely used secure hash algorithm today. It is used in TLS certificates, Git commits, Bitcoin, and most modern security protocols.

MD5 and SHA-1 Are Broken for Security

Collision attacks have been demonstrated for both MD5 and SHA-1. They should not be used for digital signatures or certificates. However, they remain useful for non-security checksums and legacy system compatibility.

HMAC Adds Authentication to Hashing

HMAC combines a secret key with a hash function, producing a signature that proves both integrity and authenticity. It is essential for webhook verification and API request signing.

File Hashes Verify Download Integrity

Software distributors publish SHA-256 checksums alongside downloads. By hashing the downloaded file locally and comparing, you can confirm the file has not been corrupted or tampered with.

Common Use Cases

🔒

Verify File Integrity

Hash downloaded files and compare against published checksums to ensure they have not been corrupted or tampered with.

🔑

Webhook Signature Verification

Use HMAC to verify that incoming webhooks are authentic and have not been modified in transit.

💾

Data Deduplication

Generate hashes of file contents to efficiently detect duplicates without comparing entire files.

🔐

Password Hashing Reference

Understand hash output formats when working with authentication systems. Note: use bcrypt or Argon2 for actual password storage, not raw SHA.

📋

Git Commit Identification

Git uses SHA-1 (migrating to SHA-256) to identify commits, trees, and blobs. Understanding hashing helps with Git internals.

⚖️

Digital Forensics

Create cryptographic fingerprints of evidence files to prove they have not been altered since collection.

Frequently Asked Questions

What is a hash function?
A hash function takes any input and produces a fixed-size output (the hash or digest). The same input always produces the same hash, but even a tiny change in the input produces a completely different hash. Hashing is a one-way operation — you cannot reverse it to recover the original input.
Which algorithm should I choose?
Use SHA-256 for general-purpose secure hashing. Use MD5 or SHA-1 only for non-security checksums or legacy compatibility. Use SHA-512 for higher security margins. Use SHA-3 when a non-SHA-2 family algorithm is required by policy.
Is MD5 still safe to use?
MD5 is cryptographically broken — collision attacks are practical. It should never be used for digital signatures, certificates, or password hashing. However, it is still acceptable for non-security checksums like verifying file transfers where no adversary is involved.
Does my data leave the browser?
No. All hashing is performed entirely in your browser using the Web Crypto API and JavaScript. Your text and files never leave your device.
What is HMAC?
HMAC (Hash-based Message Authentication Code) combines a secret key with a hash function. Unlike a plain hash, HMAC proves that the message was created by someone who knows the key, providing both integrity and authentication.
Can I reverse a hash to get the original text?
No. Hash functions are designed to be one-way. There is no mathematical method to reverse a hash. Brute-force or dictionary attacks can sometimes find inputs that produce a given hash, but this is not reversal — it is guessing.
⚖️ Hash Compare 🔓 JWT Decoder / Inspector 🔤 Base64 Encoder / Decoder