Hash Generator

How to use Hash Generator

1. 1
   Enter the text to hash

   Click the Text tab and type or paste the content you want to hash. The hash updates automatically as you type.

2. 2
   Choose an algorithm

   Select MD5, SHA-1, SHA-256, or SHA-512 from the algorithm toggle. Each algorithm produces a different-length output: MD5=32 hex chars, SHA-1=40, SHA-256=64, SHA-512=128.

3. 3
   Hash a file instead

   Switch to the File tab, then drag and drop a file or click to browse. The tool reads the file locally and computes its hash — nothing is uploaded.

4. 4
   Generate an HMAC

   Enable the HMAC toggle and enter a secret key to compute an authentication code. HMAC is used to verify both the integrity and authenticity of a message.

5. 5
   Copy the hash output

   Click the Copy button to copy the hash string to your clipboard. The output is always lowercase hex.

Frequently Asked Questions

What is the difference between MD5, SHA-1, SHA-256, and SHA-512?

MD5 produces a 128-bit (32 hex character) hash and is fast but cryptographically broken — do not use it for security purposes. SHA-1 produces 160 bits (40 characters) and is also deprecated for security use. SHA-256 (256 bits, 64 characters) and SHA-512 (512 bits, 128 characters) are part of the SHA-2 family and remain secure for most uses. SHA-256 is the current industry standard for checksums and digital signatures.

Can I use MD5 or SHA-1 for password hashing?

No. MD5 and SHA-1 are too fast for password storage — attackers can brute-force billions of guesses per second using GPUs. Use a slow, password-specific algorithm like bcrypt, scrypt, or Argon2 instead. This tool is intended for checksums, data integrity checks, and educational use.

What is HMAC and when should I use it?

HMAC (Hash-based Message Authentication Code) combines a cryptographic hash function with a secret key. Unlike a plain hash, HMAC proves both that the data has not been tampered with AND that it came from someone who knows the secret key. It is used in API authentication (e.g., AWS Signature), JWT signing, and webhook verification.

Is my data private when I use this tool?

Yes. All hashing happens entirely in your browser. Text is hashed using the Web Crypto API and js-md5 library — nothing leaves your device. File hashing also happens locally; files are never uploaded.

Why does the same input always produce the same hash?

Hash functions are deterministic — the same input always produces the same output. This property makes them useful for verifying file integrity. Even a single character change completely changes the output (avalanche effect). The only way to get the same hash is to have identical input.

Related Tools