MD5 is broken - it's trivial to find collisions. The Web Crypto API intentionally doesn't expose it. If you need MD5 for a legacy checksum, use a dedicated library.

Hash Generator (SHA-1, SHA-256, SHA-384, SHA-512)

Compute cryptographic hashes of text in your browser.

Runs in your browser

Paste text and we'll compute SHA-1, SHA-256, SHA-384 and SHA-512 using the native Web Crypto API. Output is hex; flip a switch for Base64.

Text

Output format:hexbase64

SHA-1

SHA-256

SHA-384

SHA-512

How to use it

Paste your text
Drop a string into the input. The hash recomputes on every keystroke.
Pick the output format
Hex is the default and the format most CLIs print. Switch to Base64 when you're embedding the digest in a URL or HTTP header.
Compare with the expected value
Use the copy button to paste the hash next to the one published by the file's source, or alongside a server-side digest.

What is it?

A cryptographic hash function takes any input and produces a fixed-size fingerprint that's effectively impossible to reverse and (for modern hashes) effectively impossible to collide with a different input. SHA-256 outputs 256 bits (64 hex characters), SHA-512 outputs 512 bits, and so on. The hash for the same input is identical every time, which makes it ideal for verifying file integrity, comparing API payloads, and generating content-addressable IDs.

When to use it

Verify file downloads by comparing a published hash with the hash of the file you received. Use as content-addressable identifiers for cache keys (the hash of the inputs to a computation). Embed in HTTP integrity (`Subresource Integrity`) attributes. Use as a fingerprint for deduplication. Avoid for password storage - passwords need a slow, salted KDF like bcrypt, scrypt or Argon2, not a fast cryptographic hash.

Common mistakes

Don't use a fast hash to store passwords; SHA-256 on a GPU can try billions of guesses per second. Don't trust MD5 or SHA-1 for security-critical comparisons - both are broken. Watch the encoding: hashing 'abc' produces a different result than hashing the UTF-16 string 'abc'; the Web Crypto API hashes the UTF-8 bytes we provide.

FAQ

Why no MD5?: MD5 is broken - it's trivial to find collisions. The Web Crypto API intentionally doesn't expose it. If you need MD5 for a legacy checksum, use a dedicated library.

Base64 Encoder / Decoder

Encode and decode Base64 strings (text and files).

Password Generator

Generate strong, random passwords using your browser's CSPRNG.

UUID Generator

Generate v4 (random) and v7 (time-sorted) UUIDs in bulk.